Scan compound files
January 10, 2024
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
To configure scanning of compound files in the local interface:
- On the protected virtual machine, open the application settings window.
- In the left part of the window, in the Scheduled tasks section, select the subsection with the name of the relevant scan task (Full Scan, Critical Areas Scan or Custom Scan).
If some of the scan tasks do not appear in the section, this means that the policy prohibits configuration of the settings of these scan tasks for all protected virtual machines in the administration group.
In the right part of the window, the settings of the selected scan task are displayed.
- In the Security level section, click the Settings button.
A window with the name of the selected scan task opens.
- In this window on the Scope tab, in the Scan of compound files section, specify which compound files you want to scan: archives, self-extracting archives, embedded OLE objects, mail format files, or password-protected archives by selecting the corresponding check boxes.
- If the Scan only new and changed files check box is cleared in the Scan optimization section, you can specify for each type of compound file whether to scan all files of this type or new ones only. To make your choice, click the all / new link next to the name of a type of compound file. This link changes its value when you click it.
If the Scan only new and changed files check box is set, only new files are scanned.
- Click the Additional button.
The Compound files window opens.
- In the Size limit section, do one of the following:
- If you do not want the application to unpack large compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.
- If you want the application to unpack large compound files, clear the Do not unpack large compound files check box.
A file is considered large if its size exceeds the value in the Maximum file size field.
The application scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is set.
- In the Compound files window, click OK.
- In the window with the scan task name, click OK.
- To save changes, click the Save button.