
three files under .zip - infection detection.

Created: 09 Apr 2014 | 7 comments

If I have a .zip file containing three files. One file is infected. The zip file is received by email.

When will the infection be detected?

1) after email received.

2) after email opened

3) after .zip opened

4) after infected file opened

5) after infected file closed.

6) after .zip closed

7) after email closed.

Please suggest.


Rafeeq's picture

it will be after the zip file is opened

in sepm av policy you have an option to scan zipped files based on how deep you want to scan

if you configured it to 10 and open a zipped file which is 3 levels deep, then Symantec will detect it the moment you try to extract. The default is 3. Check this for more info

Symantec Endpoint Protection Manager - Antivirus and Antispyware - Policies explained

http://www.symantec.com/business/support/index?pag...

mangesh.salunkhe's picture

ok,

But if I only open the .zip file and have not touched the infected file, what will happen? Will the infection still be detected?

Mangesh K Salunkhe

Rafeeq's picture

Let's say your zipped file is 3 levels deep

Level 1

level 2

level 3 ( contains infected file)

By default Symantec scans 3 levels deep. If you extract the mail file, it will not find the virus. If you run a full scan, it will find the virus in level 3.

When does Symantec Endpoint Protection email AutoProtect scan compressed files.

http://www.symantec.com/business/support/index?pag...
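A generic illustration of the depth limit discussed in this thread, added here as an example; it is not part of the original posts and not Symantec's code. The marker string, file names and the level numbering (outer archive counted as level 1) are assumptions.

```python
import io
import zipfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a signature match

def make_zip(members):
    """Build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def scan_archive(data, max_depth, level=1, path="mail.zip"):
    """Return (hits, skipped): members containing MARKER, and nested
    archives left unopened because they sit deeper than max_depth."""
    hits, skipped = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{path}/{info.filename}"
            body = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(body)):
                if level + 1 > max_depth:
                    skipped.append(member)  # too deep: contents never inspected
                    continue
                h, s = scan_archive(body, max_depth, level + 1, member)
                hits += h
                skipped += s
            elif MARKER in body:
                hits.append(member)
    return hits, skipped

def build_sample():
    """Constructed sample: three files, one flagged, nested three levels deep."""
    level3 = make_zip({"a.txt": b"clean", "b.txt": b"clean", "bad.bin": MARKER})
    level2 = make_zip({"level3.zip": level3})
    return make_zip({"level2.zip": level2})

if __name__ == "__main__":
    for depth in (2, 3):
        print(depth, scan_archive(build_sample(), depth))
```

Logging the skipped list is the useful part for an admin: it shows which nested archives a given depth setting never looked inside.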

Brɨan's picture

How deep do you have AP set to scan?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mick2009's picture

Hi mangesh.salunkhe,

In addition to the above scanning by SEP clients, I recommend ensuring that mail is scanned at your mail server ("defense in depth"). The Internet Security Threat Report shows that threats arriving by mail are still a major concern.

An overview: https://www-secure.symantec.com/connect/blogs/2013-internet-security-threat-report-year-mega-data-breach

Full details, downloads, and a video: 2014 Internet Security Threat Report, Volume 19 http://www.symantec.com/security_response/publications/threatreport.jsp

Many thanks!

Mick

With thanks and best regards,

Mick

mangesh.salunkhe's picture

If I say all email Auto-Protect options are disabled, then when will infections be detected? Forget about email server email scanning.

I think correct answer is 'when the email is closed'

please suggest.

Mangesh K Salunkhe

Brɨan's picture

If you're not using email AP then the email won't be scanned at all (whether opened or closed).

The zip file would be scanned when it is "actioned" (ie. downloaded, opened, extracted, etc.)
