How Threat Protection Handles Archive Files Containing Threats

Version 6

    Purpose

     

    This document describes how Threat Protection within the agent handles threats contained in an archive file, such as .zip, .rar, .7z, etc.

     

    Symptoms


    When a threat is detected within an archive file on a machine running the Protect Agent with Threat Protection, the archive file is deleted instead of receiving the action defined in the Agent Policy, as seen below.

     

    [Image: agentthreat.jpg]

     

    Cause


    Threat Protection cannot restore any files in an archive file, so it removes the archive file that contains the threat.

     

    Affected Product(s)


    Shavlik Protect 9.x