encrypted or compressed file

I have run several full scans on a machine that generated some PUA warnings, and the only items remaining that appear in the report are 117 encrypted or compressed items.  What does that mean?  Are they possible threats that can't be scanned by Sophos?  I have used Malwarebytes to see if that count can be lowered, but no luck.

This client is a fully-updated Win7 desktop, running Endpoint Control 10.3, also fully updated.

Thanks for any advice!

  • Hello chipHDMA,

    it's not unusual that some encrypted files (e.g. password protected archives or office documents) are encountered. Their names should give you an idea what they could be. I'm not sure about compressed though - could you post some of these errors?

    The purpose of encryption is to hide the contents unless the correct password is provided. Whatever scanner you use will face the same challenge - thus the only way for a scanner to lower the encrypted count would be to quietly skip those files. Naturally they could contain a threat but then the files would have to be decrypted first - usually to a temporary file which is read back at which point the decrypted contents will be scanned by on-access scanning.

    Christian
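
An added example, not part of the original thread: a Python sketch for checking which members of a ZIP archive carry the "encrypted" header flag, the kind of item a scanner cannot look inside without the password. It covers classic ZIP only (not 7z, RAR or password-protected Office documents); the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP "general purpose bit flag"


def encrypted_members(data):
    """Return the names of members whose directory entry is flagged encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def classify(data):
    """Triage label for one file's bytes taken from a scan report."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    try:
        names = encrypted_members(data)
    except zipfile.BadZipFile:
        return "corrupt-zip"
    return "encrypted-zip" if names else "plain-zip"


def build_sample(mark_encrypted):
    """Constructed sample archive with two stored text members.

    Python's zipfile cannot write encrypted members, so for the demo the
    encrypted flag is set by hand on the first central directory entry.
    The member data itself stays unencrypted; only the header changes.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("notes.txt", "constructed sample content")
        zf.writestr("report.txt", "constructed sample content")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # The end-of-central-directory record is the last 22 bytes (no
        # archive comment); bytes 16..19 hold the central directory offset.
        (cd_offset,) = struct.unpack_from("<L", raw, len(raw) - 22 + 16)
        # The flag field sits 8 bytes into a central directory entry.
        (flags,) = struct.unpack_from("<H", raw, cd_offset + 8)
        struct.pack_into("<H", raw, cd_offset + 8, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("flagged", build_sample(True)), ("plain", build_sample(False))):
        print(label, classify(blob), encrypted_members(blob))
```

To use it on real files, read each path from the scan report as bytes and pass it to `classify`; the flag is header metadata, so a "plain-zip" result says nothing about whether the contents are safe.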
