Scanning compound files

A common technique for concealing viruses and other malware is to embed them in compound files such as archives or email databases. To detect viruses and other malware that are hidden in this way, the compound file must be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.

The method used to process an infected compound file (disinfection or deletion) depends on the type of file.

The File Threat Protection component disinfects compound files in the RAR, ARJ, ZIP, CAB, and LHA formats and deletes files in all other formats (except mail databases).

To configure scanning of compound files:

  1. Open the application settings window.
  2. In the left part of the window, in the Essential Threat Protection section, select File Threat Protection.

    The settings of the File Threat Protection component are displayed in the right part of the window.

  3. In the Security level section, click the Settings button.

    The File Threat Protection window opens.

  4. In the File Threat Protection window, select the Performance tab.
  5. In the Scan of compound files section, specify the types of compound files that you want to scan: archives, installation packages, or files in office formats.
  6. To scan only new and changed compound files, select the Scan only new and changed files check box.

    The File Threat Protection component will scan only new and changed compound files of all types.

  7. Click the Additional button.

    The Compound files window opens.

  8. In the Background scan section, do one of the following:
    • To block the File Threat Protection component from unpacking compound files in the background, clear the Unpack compound files in the background check box.
    • To allow the File Threat Protection component to unpack compound files when scanning in the background, select the Unpack compound files in the background check box and specify the required value in the Minimum file size field.
  9. In the Size limit section, do one of the following:
    • To block the File Threat Protection component from unpacking large compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field. The File Threat Protection component will not unpack compound files that are larger than the specified size.
    • To allow the File Threat Protection component to unpack large compound files, clear the Do not unpack large compound files check box.

      A file is considered large if its size exceeds the value in the Maximum file size field.

    The File Threat Protection component scans large-sized files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.

  10. Click OK.
  11. In the File Threat Protection window, click OK.
  12. To save changes, click the Save button.
Page top