Windows Defender would not detect in real time a new Malware hidden in a .zip file. If I scan the .zip file after it was downloaded from the website it does detect it and deletes it.

Zip file is not protected and it has a simple .exe inside; there are no exemptions and no other specific rules.

Any ideas on where to look and what could be wrong?

  • I don't understand the question, but to close it as off-topic seems wrong to me. Why would it be off-topic @sven? – Lenniey Mar 04 '19 at 13:56
  • This is for Windows Defender managed by SCCM in a Business Environment @sven so I believe it should be on topic. – KCJ Mar 04 '19 at 14:05
  • @Lenniey The issue is that users can download some Malware ( specifically 1 .zip file ) and Windows Defender does not detect it in Real Time but it does if the file is scanned either manually after it was downloaded or by the scheduled Scan. – KCJ Mar 04 '19 at 14:07
  • But on the same PC using the same definitions in an active scan it is detected? Is real-time scanning even enabled? – Lenniey Mar 04 '19 at 14:09
  • @Lenniey yes, in an active scan with the same definitions it is detected. Real Time scanning is enabled; it puzzles me as well why this behavior occurs. It does detect other Malware files in Real Time. – KCJ Mar 04 '19 at 14:11
  • Any configured path/file/extension-exceptions? – Lenniey Mar 04 '19 at 14:57
  • No path or file or extension exceptions. If I test with the Eicar Zip Malware files it works. – KCJ Mar 05 '19 at 09:25
  • What's the output of `Get-MpPreference | fl *Archive*`? Do you have the GPO "Scan archive files" disabled? – Lenniey Mar 05 '19 at 09:30
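The last comment points at the right place to look. The script below is an added example (not posted by either participant) that gathers, in one pass, the Defender settings that decide whether a downloaded archive is inspected: real-time protection, IOAV (scanning of downloaded files and attachments), archive scanning, any exclusions, and the policy value that the GPO "Scan archive files" writes. It assumes an elevated PowerShell session on the affected client, the built-in `Get-MpPreference`, `Get-MpComputerStatus` and `Get-MpThreatDetection` cmdlets, and the policy registry path `HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan` with value `DisableArchiveScanning`; that path is my assumption and should be confirmed against `gpresult /h` on an SCCM-managed machine.

```powershell
# Added audit script for the Defender archive-scanning question above.
# Assumes: elevated session, Defender PowerShell module present.
# The GPO registry path below is assumed; confirm it with gpresult /h.

function Get-DefenderArchiveAudit {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Policy key that the GPO "Scan archive files" is assumed to write to.
    $policyKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan'
    $policyArchive = $null
    if (Test-Path $policyKey) {
        $policyArchive = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).DisableArchiveScanning
    }

    [PSCustomObject]@{
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        IoavProtectionEnabled     = $status.IoavProtectionEnabled      # downloaded files / attachments
        DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
        DisableIOAVProtection     = $pref.DisableIOAVProtection
        DisableArchiveScanning    = $pref.DisableArchiveScanning
        PolicyDisableArchiveScan  = $policyArchive                     # 1 = GPO "Scan archive files" Disabled
        ExclusionPath             = $pref.ExclusionPath
        ExclusionExtension        = $pref.ExclusionExtension
        ExclusionProcess          = $pref.ExclusionProcess
        SignatureVersion          = $status.AntivirusSignatureVersion
        SignatureLastUpdated      = $status.AntivirusSignatureLastUpdated
    }
}

# Turn the raw audit into a short list of findings that would explain
# "detected on demand but not in real time".
function Test-DefenderArchiveAudit {
    param([Parameter(Mandatory)] $Audit)
    $findings = @()
    if (-not $Audit.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if ($Audit.DisableIOAVProtection)           { $findings += 'IOAV (downloaded-file scanning) is disabled' }
    if ($Audit.DisableArchiveScanning)          { $findings += 'Archive scanning is disabled in preferences' }
    if ($Audit.PolicyDisableArchiveScan -eq 1)  { $findings += 'GPO "Scan archive files" is set to Disabled' }
    foreach ($list in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
        if ($Audit.$list) { $findings += "$list is not empty: $($Audit.$list -join ', ')" }
    }
    if ($findings.Count -eq 0) { $findings = @('No obvious configuration cause found') }
    $findings
}

$audit = Get-DefenderArchiveAudit
$audit | Format-List
Test-DefenderArchiveAudit -Audit $audit

# Recent detections: compare when the file was first seen (real-time) with
# when the scheduled or manual scan reported it.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 ThreatID, ProcessName, InitialDetectionTime, Resources |
    Format-Table -AutoSize
```

Run it on a client where the download was not caught and on one where it was, and diff the two outputs; a setting that differs between them, or a policy value present on only one, is the first thing to chase in the SCCM antimalware policy.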

0 Answers