Endpoint Protection

  • 1.  Extract .rar file and get virus?

    Posted Apr 20, 2010 04:00 PM
    Hi,

    This is probably a stupid question, but I will ask it anyway.  I have read about how many viruses are now being encrypted in .rar format with an .exe file that relays the virus.  Is it possible to get a virus just by extracting the contents of the .rar file?  I am planning to use WinZip if it is safe.  Thanks.


  • 2.  RE: Extract .rar file and get virus?

    Posted Apr 20, 2010 04:10 PM
    Yes, by extracting a virus from a ZIP or RAR file you are taking the lion out of the cage. However, if AV has definitions for that virus, as you extract the rar file it will get detected and deleted/cleaned/quarantined by SEP.


  • 3.  RE: Extract .rar file and get virus?

    Posted Apr 20, 2010 04:11 PM
    SEP really cannot detect viruses in zipped RAR format, but that does not mean that the hosts will be contaminated. When the infected file is extracted, the virus will be detected by Symantec.


  • 4.  RE: Extract .rar file and get virus?

    Posted Apr 20, 2010 04:13 PM

    So does that mean that extracting the RAR or ZIP file is equivalent to opening it, and this would allow an executable file to operate?  I always thought that I had to double click on something to open it and make it work.


  • 5.  RE: Extract .rar file and get virus?
    Best Answer

    Posted Apr 20, 2010 05:07 PM

    Extracting it means pulling the contents out of the archive file (rar, zip, etc).  When the contents are being extracted and written to the drive, File System Auto-Protect will step in and check it for malicious code.  The act of extracting the contents out of the archive should not allow an executable to run.

    sandra


  • 6.  RE: Extract .rar file and get virus?

    Posted Apr 20, 2010 05:16 PM
    If it's an executable, it won't infect until you run it. But SEP will definitely catch it even before you run it.


  • 7.  RE: Extract .rar file and get virus?

    Posted Apr 20, 2010 08:02 PM

    The Symantec Endpoint Protection client scans compressed files during on-demand, email, and scheduled scans.
    You can set how many levels deep you would like SEP to scan, which is essential to protect against deeply nested archives.

    There is a file called 42.zip that you can find by googling that is only 42Kb but becomes 42 terabytes once uncompressed.
    Used to cause havoc with mail servers back in the day.

    Because of the significant processing overhead, Auto-Protect does not scan the files that are within compressed files.
    However, the files are scanned when they are extracted from compressed files.
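
The nesting-depth limit and the 42.zip case from post 7, as an added example that is not part of the original thread and is not SEP's own logic: a pre-extraction check that inspects a ZIP in memory and refuses archives that nest too deeply or declare an extreme compression ratio. The limits, function names and sample archives are assumptions constructed for illustration; Python's standard library handles ZIP only, so RAR is not covered.

```python
import io
import zipfile

MAX_DEPTH = 3            # assumed limit, like a scanner's "levels deep" setting
MAX_TOTAL = 50 * 2**20   # assumed cap on total declared uncompressed bytes
MAX_RATIO = 200          # assumed cap on uncompressed/compressed size per member


def inspect_zip(data, depth=1, budget=None):
    """Check a ZIP held in memory; return (ok, reason). Writes nothing to disk."""
    budget = [MAX_TOTAL] if budget is None else budget
    if depth > MAX_DEPTH:
        return False, f"nesting deeper than {MAX_DEPTH} levels"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Sizes come from the archive's own directory, so check before reading.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                return False, f"{info.filename}: compression ratio over {MAX_RATIO}:1"
            budget[0] -= info.file_size
            if budget[0] < 0:
                return False, "total uncompressed size over budget"
            if info.filename.lower().endswith(".zip"):
                with zf.open(info) as member:
                    inner = member.read(info.file_size)  # bounded by the budget
                ok, reason = inspect_zip(inner, depth + 1, budget)
                if not ok:
                    return False, reason
    return True, "ok"


def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def nested(levels):
    """Constructed sample: a small text file wrapped in `levels` extra ZIP layers."""
    data = make_zip({"readme.txt": b"hello world\n" * 10})
    for _ in range(levels):
        data = make_zip({"inner.zip": data})
    return data


if __name__ == "__main__":
    print(inspect_zip(nested(2)))                               # 3 levels deep
    print(inspect_zip(nested(3)))                               # 4 levels deep
    print(inspect_zip(make_zip({"zeros.bin": b"\0" * 2**20})))  # 1 MiB of zeros
```

The check only reads archive metadata and nested archives; nothing is extracted to disk, so no member is ever in a position to be executed.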