Scanning compound files with the AMSI Protection Provider

A common technique for concealing viruses and other malware is to embed them in compound files such as archives. To detect viruses and other malware that are hidden in this way, the compound file must be unpacked, which may slow down scanning. You can limit the types of compound files to be scanned, thus speeding up scanning.

To configure scanning of compound files by the AMSI Protection Provider:

1. In the main application window, click the Settings button.
2. In the left part of the window, in the Security Controls section, select the AMSI Protection Provider subsection.

   The settings of the AMSI Protection Provider component are displayed in the right part of the window.

3. In the Scan of compound files section, specify the types of compound files that you want to scan: archives, distribution package, or files in office formats.
4. In the Size limit section, do one of the following:
   • To block the AMSI Protection Provider component from unpacking large compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field. The AMSI Protection Provider component will not unpack compound files that are larger than the specified size.
   • To allow the AMSI Protection Provider component to unpack large compound files, clear the Do not unpack large compound files check box.

   The AMSI Protection Provider component scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.

5. To save changes, click the Save button.

Page top