SonicWall Managed Virus Scan (Mcafee Total Protection for Small Business) does not catch ZIP files
03/26/2020 5 11234
SonicWall Managed Virus Scan (Mcafee Total Protection for Small Business) does not catch incoming Viruses that are in compressed (Zipped) format until a full system scan is run.
A notice has been issued for SonicWall Enforced Client's (McAfee and Kaspersky). Please see Notice: End of Support for SonicWall Enforced Client for more information.
Issue: SonicWall Managed Virus Scan (Mcafee Total Protection for Small Business) does not catch incoming Viruses that are in compressed (Zipped) format until a full system scan is run.
Cause: With the default Advanced Settings configuration, it is possible for an on-demand scan to detect threats in archived files that are not detected during an on-access scan. This
is because on-access scans do not look at compressed archives by default. So any Malicious or potentially unwanted programs that are compressed that come in via email, downloads, file shares etcetera are not scanned by default.
If this is a concern for your organization, you should enable this option.
Note: This will cause an impact on system resources.
About the On Access Scanner:
The virus and spyware protection service scans files and folders on client computers whenever they are accessed, which is referred to as an on-access scan. The default on-access scanning policy is:
- All types of files are scanned when opened, and again when closed (if they were modified).
- All email attachments are scanned when accessed and when saved to the hard drive, protecting the computer from email infections.
- Programs are scanned for spyware identifiers, to detect if a spyware program attempts to run or a program attempts to install spyware.
Create a custom policy with On Access Scans of compressed archives enabled.
Step 1) Log into the SonicWall with the AV Licenses applied to it.
Step 2) Navigate to Security Services>Client AV Enforcement and click on “Create Report”
Step 3) Log in with the www.mySonicWall.com account that this SonicWall is registered under and click “enter”
Step 4) Click on “Groups + Policies” then click on “Add policy”
Step 5) Name Policy Accordingly and then click on “Advanced Settings”
Step 6) Note that “Scan within archives during on-access scans (e.g., .zip, .rar, .tat, .tgz)” is not selected by default.
Put a check mark in the box next to “Scan within archives during on-access scans (e.g., .zip, .rar, .tat, .tgz)” and then click on save. This will take you back to the “Groups + Policies” Page.
(The rest of this policy will mirror the Mcafee default policy, so unless you have more configurations you wish to implement, no further configuration is needed on this policy.)
Step 7) Find the “Default Group” and follow all the way to the right and click on “Assign Policy”
Step 8) Drop the “Policy used by group” box down to the newly created custom policy and then click on “Save”
The Default group should now have the custom policy assigned.
Step 9) You can either wait for all of the machines on the LAN to automatically update, or you can force and update by: right clicking on the Mcshield in the Systray, and then clicking on “Update now”