Jump to content

4.3.x does not scan compressed archives (7z, zip, rar, etc.)?


Recommended Posts

Every time I try to manually scan a compressed archive in ZIP, RAR, 7Z etc. formats I see the scan lasts just a moment and the report always says:
Scanned files: 1

image.png.03019966188277c6b8c4c6666872025c.png

even though the archive contains many files... It looks like it's not working as expected even though I've set to scan archives in the MB Settings:

image.png.77db50e830fb6d8ca9d4660a19145b65.png

E.g. of a ZIP scan report:

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 15/02/21
Ora scansione: 22:01
File di log: ecc2bd06-6fd0-11eb-a486-0c9d92a56fd0.json

-Informazioni software-
Versione: 4.3.0.98
Versione componenti: 1.0.1157
Aggiorna versione pacchetto: 1.0.37165
Licenza: Premium

-Informazioni sistema-
SO: Windows 10 (Build 19041.804)
CPU: x64
File system: NTFS
Utente: LAPTOP-DVK1QFAS\Luca

-Riepilogo scansione-
Tipo di scansione: Scansione personalizzata
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 1
Minacce rilevate: 0
Minacce messe in quarantena: 0
Tempo impiegato: 0 min, 2 sec

-Opzioni di scansione-
Memoria: Disattivata
Esecuzioni automatiche: Disattivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)

 

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

  • Root Admin

I'm not sure if we ever did list them or not, or if we simply listed the one archive file scanned. I've asked the internal team but it's a Holiday here in the USA

From our Support documentation:

Scan within archives: If this box is checked, archive file types such as zip, 7z, rar, cab and msi are scanned up to two levels deep. Password protected archives cannot be tested.

https://support.malwarebytes.com/hc/en-us/articles/360038984773-Scan-types-in-Malwarebytes-for-Windows

 

 

Link to post
Share on other sites

I believe that when scanning an Archive file, MBAM will go only X layers deep and MBAM will not count files in the Archive and just display a scan of 1 file representing the Archive [ ZIP, RAR, 7zip, CAB and MSI ].

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
Link to post
Share on other sites

  • Root Admin

I thought this was a logging issue. It appears that archive scanning is not working as expected. I have reported this to our internal team for review.

Scanning an archive that has infected files within the archive shows no infection. Extracting the same files and context scanning shows there are infected files.

Thank you @Porthos for providing a safe test file to confirm this behavior and thank you @hexaae for reporting

 

  • Like 1
Link to post
Share on other sites

  • Staff

Also keep in mind that in order to actually execute/infect a system, malware within an archive would first need to be extracted (double-clicking a file directly from within the archive causes that file to be extracted to a temp folder before it can be launched into memory), and once that occurs, Malwarebytes' real-time protection should detect the file it and quarantine it if it is a threat.

If using the free version, I'd recommend extracting the archive's contents to their own folder first, then scanning the folder with Malwarebytes to ensure all of the contents are clean, that way you can then either delete the archive, or remove the infected items from the archive and rebuild it without any threats inside.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.