Using AMSI Protection to scan compound files

A common technique for concealing viruses and other malware is to embed them in compound files such as archives. To detect viruses and other malware that are hidden in this way, the compound file must be unpacked, which may slow down scanning. You can limit the types of compound files to be scanned, thus speeding up scanning.

To configure AMSI Protection scans of compound files:

1. In the lower part of the main application window, click the button.
2. In the application settings window, select Protection → Essential Threat Protection → AMSI Protection.
3. In the Scan of compound files section, specify the types of compound files that you want to scan: archives, distribution package, or files in office formats.
4. In the Size limit section, do one of the following:
   • To block the AMSI Protection component from unpacking large compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field. The AMSI Protection component will not unpack compound files that are larger than the specified size.
   • To allow the AMSI Protection component to unpack large compound files, clear the Do not unpack large compound files check box.

   The AMSI Protection component scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.

5. Save your changes.

Page top