Separate Archive scan and "SFX/Runtime Packers" scans

After a long research and a few re-installations, and some frustration and all… :‘( :’( :cry:;new;topicseen#new

I came to know that currently CAV in CIS does not scan “Self Extracting Archives(SFX)” and “Runtime Packers” if we uncheck “scan archive files” in CAV settings. :o

This means if there is any .exe file which is either an SFX archive or a Runtime Packer, it is simply not scanned no matter how you scan it. :-TD

When we uncheck archive scanning we expect it to not scan .zip or .rar or .7z files etc., as unzipping and scanning those archives is very resource consuming, besides they are not executables and therefore pose no threat to us, unless they are extracted manually.

But, it is not the same case with “SFX/Runtime Packers”, they are executables and therefore they definitely pose a threat.

I would like to have two separate check boxes for these two categories i.e.,

  1. SFX archives/Runtime Packers (.exe)
  2. All other non executable archives (.zip, .rar etc.,)

I have attached screenshots of both the existing and proposed settings.

[attachment deleted by admin]


No news or comments ???


it would also be nice if it is by category or type if posible

maybe they should also add java .jar files to the excecutable files?? but im not sure if .jar files can be considered excecutables ( it is a zip file afterall)

They’re only executable if you have Java installed.

Since JRE is common on most of the systems, ‘.jar’ files can also be considered as executable in my opinion

i see maybe also add if there are others , i dont know if there are others though

Isn’t there any one else who is effected by this odd behaviour ?

:-TU +1

Or another possibility: do not consider SFX archives/Runtime Packers as archives. So no need to change GUI.

For a long time, I thought that it was the actual behaviour. But, I lately learned that it was not.

Yes, I agree to it. But, if it slows down the system performance because of big sfx archives scanned in realtime, a separate option for the user to choose is better.

I’ve just watched the languy99 video related to CIS6 and you can see at 10:35 the line “Decompress and scan archive files of extensions” with a link allowing to configure the extensions.
So I think it will be possible to do what we wish in this release. :slight_smile:

So, it means we can manually add .exe and .jar in there so that it decompresses them during scan. Am I correct ? Does .exe qualify to be an archive extension ?

what siva said i said always +1