Determining whether to scan archive files

Applies To: Forefront Client Security

Client Security lets you control whether to include archive files in scans. Examples of archive files are .zip and .cab files. Scanning archived files might increase the time required to complete a scan, but malware can install itself and attempt to hide in these locations.

Client Security identifies whether a file is an archive by the file's data type, not by the file name extension.

The types of files that Client Security regards as archive files are extensible by updates. Archive files include (but are not limited to) the following file types:

  • ACE

  • ARC

  • ARJ

  • CAB

  • CHM

  • CPIO

  • CPT

  • HAP

  • InstallShield packages

  • ISO

  • LHA

  • LHZ

  • LZH

  • Nullsoft installer packages

  • OLE2

  • PDF

  • Q (Quantum)

  • RAR

  • SIT (but not SITX)

  • TAR

  • Wise Installer packages

  • ZIP

  • ZOO

By default, a new Client Security policy includes archive files in scans.


If you exclude an archive file type by using the Extensions box, Client Security does not scan that type of archive file, even when you have selected the Scan archive files check box.

To configure whether Client Security scans archive files

  1. In the Client Security console, create or edit a policy. For details about how to create or edit a policy, see Creating, editing, copying, and deleting policies.

  2. In the New Policy or Edit Policy dialog box, click the Advanced tab.

  3. Under Malware scan options, either select or clear the Scan archive files check box, as appropriate.

  4. After you finish creating or editing the policy, click OK.

  5. To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.