Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

Antigen deletes some .zip files, and the Kaspersky engine returns the virus name as PASSWORD-PROTECTED-EXE

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 939418 - Last Review: December 18, 2007 - Revision: 2.2

Antigen deletes some .zip files, and the Kaspersky engine returns the virus name as "PASSWORD-PROTECTED-EXE"

View products that this article applies to.
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756  (http://kbalertz.com/Feedback.aspx?kbNumber=322756/ ) How to back up and restore the registry in Windows

SYMPTOMS

On a computer that has Microsoft Antigen 9.0 or Forefront Server Security installed, Antigen or Forefront deletes some compressed (.zip) files. Additionally, the Kaspersky engine returns the virus name as "PASSWORD-PROTECTED-EXE."

This behavior occurs if the following conditions are true:
  • The .zip file is protected with a password.
  • The .zip file contains executable files.
Back to the top

CAUSE

This behavior is a feature that is offered by the Kaspersky engine in Antigen products and in Microsoft Forefront Security products.
Back to the top

WORKAROUND

To work around this behavior, disable the feature that is offered by the Kaspersky engine. To do this, follow these steps.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\100

    Note If the 3 subkeys KasperskyLab\Components\100 do not exist, create them first and leave them empty.
    For example:

    HKEY_LOCAL_MACHINE\SOFTWARE \KasperskyLab

    HKEY_LOCAL_MACHINE\SOFTWARE \KasperskyLab\Components

    HKEY_LOCAL_MACHINE\SOFTWARE \KasperskyLab\Components\100

    Note If the server is a 64bit server, the path is: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node. Therefore, the final subkey will be:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node \KasperskyLab\Components\100
  3. Create a new DWORD registry value under the 100 key named AntigenEncryptedReturnNotInfected, and then enter 1 in the Value data box.
You do not have to restart Antigen/Forefront or Microsoft Exchange Server services to enable the registry value.

Note The AntigenEncryptedReturnNotInfected registry value will take effect only if you are using update version 0704110011 or a later version of the Kaspersky engine. We recommend that you update the Kaspersky engine to make sure that you are using an appropriate engine version.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
Back to the top
APPLIES TO
  • Microsoft Antigen Spam Manager
  • Microsoft Antigen 9.0 for Exchange
  • Microsoft Antigen for SMTP Gateways
  • Microsoft Forefront Security for Exchange Server
Back to the top
Keywords: 
kbtshoot kbexpertiseinter kbprb KB939418
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting