Endpoint Protection

  • 1.  three files under .zip - infection detection.

    Posted Apr 09, 2014 06:19 AM

    If I have a .zip file containing three files. One file is infected. The zip file is received by email.

    When will the infection be detected?

    1) after email received

    2) after email opened

    3) after .zip opened

    4) after infected file opened

    5) after infected file closed.

    6) after .zip closed

    7) after email closed.

     

    Please suggest.



  • 2.  RE: three files under .zip - infection detection.

    Posted Apr 09, 2014 06:22 AM

    It will be after the zip file is opened.

    In the SEPM AV policy you have an option to scan zipped files based on how deep you want to scan.

    If you configured it to 10 and open a zipped file which is 3 levels deep, then Symantec will detect the moment you try to extract. Default is 3; check this for more info:

    Symantec Endpoint Protection Manager - Antivirus and Antispyware - Policies explained

    http://www.symantec.com/business/support/index?page=content&id=TECH104430



  • 3.  RE: three files under .zip - infection detection.

    Posted Apr 09, 2014 06:35 AM

    OK,

    but if I only open the .zip file and do not touch the infected file, what will happen? Will the infection still be detected?



  • 4.  RE: three files under .zip - infection detection.

    Posted Apr 09, 2014 07:36 AM

    Let's say your zipped file is 3 levels deep:

    Level 1

    Level 2

    Level 3 (contains infected file)

    By default Symantec scans 3 levels deep. If you extract the mail file, it will not find the virus; if you run a full scan, it will find the virus in level 3.

    When does Symantec Endpoint Protection email AutoProtect scan compressed files.

    http://www.symantec.com/business/support/index?page=content&id=TECH106080&locale=en_US
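
Added example (not part of the thread and not Symantec's code): a small Python walker showing how a scan-depth limit decides whether a file inside nested zips is ever inspected. The marker string, file names, size cap, and the way levels are counted (level 1 = files directly inside the outer zip) are assumptions for illustration; the product may count levels differently.

```python
import io
import zipfile

MARKER = b"CONSTRUCTED-TEST-MARKER"   # harmless stand-in for a detection signature
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # assumed cap so oversized members are not inflated

def make_zip(members):
    """Build a zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def scan_archive(data, max_depth, depth=1, prefix=""):
    """Walk nested zips and return (hits, skipped).

    hits    -- paths of members containing MARKER within max_depth
    skipped -- paths not inspected (inner archive past max_depth, or too large)
    """
    hits, skipped = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.file_size > MAX_MEMBER_BYTES:
                skipped.append(path)
                continue
            body = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(body)):
                if depth >= max_depth:      # its contents would sit below the limit
                    skipped.append(path)
                    continue
                h, s = scan_archive(body, max_depth, depth + 1, path + "/")
                hits += h
                skipped += s
            elif MARKER in body:
                hits.append(path)
    return hits, skipped

# Constructed sample: three files in the outer zip, marker file at level 3.
level3 = make_zip({"invoice.doc": b"header " + MARKER + b" trailer"})
level2 = make_zip({"level3.zip": level3})
SAMPLE = make_zip({"readme.txt": b"hello", "notes.txt": b"clean", "level2.zip": level2})

if __name__ == "__main__":
    for limit in (1, 2, 3):
        print(limit, scan_archive(SAMPLE, limit))
```

A non-empty `skipped` list is the useful signal here: it names content the configured depth never looked at, which is what a later scan with a deeper setting or a mail-gateway scan would need to cover.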



  • 5.  RE: three files under .zip - infection detection.

    Posted Apr 09, 2014 08:18 AM

    How deep do you have AP set to scan?



  • 6.  RE: three files under .zip - infection detection.

    Posted Apr 09, 2014 10:40 AM

    Hi mangesh.salunkhe,

    In addition to the above scanning by SEP clients, I recommend ensuring that mail is scanned at your mail server ("defense in depth"). The Internet Security Threat Report shows that threats arriving by mail are still a major concern.

    An overview: https://www-secure.symantec.com/connect/blogs/2013-internet-security-threat-report-year-mega-data-breach

    Full details, downloads, and a video: 2014 Internet Security Threat Report, Volume 19 http://www.symantec.com/security_response/publications/threatreport.jsp

    Many thanks!

    Mick



  • 7.  RE: three files under .zip - infection detection.

    Posted Apr 09, 2014 11:52 AM

    If I say all email Auto-Protect options are disabled, then when will the infection be detected? Forget about email server email scanning.

    I think the correct answer is 'when the email is closed'.

    Please suggest.



  • 8.  RE: three files under .zip - infection detection.

    Posted Apr 09, 2014 11:55 AM

    If you're not using email AP then the email won't be scanned at all (whether opened or closed).

    The zip file would be scanned when it is "actioned" (i.e. downloaded, opened, extracted, etc.)