System Center Endpoint Protection - Realtime Scan - .lz4 compression

  • Question

  • Hello,

    I was just wondering if System Center Endpoint Protection supports the .lz4 compression during the real time scan and scheduled scan. Can anyone tell if SCEP does officially support it?

    During my testing it seems not to be the case. I downloaded the EICAR test file from https://www.etes.de/downloads/eicar-testvirus/ and compressed it by using 7-zip with the .lz4 plugin (http://www.tc4shell.com/en/7zip/modern7z/).

    I can browse the directory freely and a manual scan of the archive does indeed NOT find the test virus.

    Is there any list of the archive types supported by SCEP?

    OS: Windows Server 2012R2 with May CU KB4499151 applied

    SCEP Versions:

    Antimalware Client Version: 4.10.209.0
    Engine Version: 1.1.16000.6
    Antivirus definition: 1.295.97.0
    Antispyware definition: 1.295.97.0
    Network Inspection System Engine Version: 2.1.14600.4
    Network Inspection System Definition Version: 119.0.0.0
    Policy Name: Endpoint Protection Default Policy
    Policy Applied: 05.10.2016 at 11:38

    Kind Regards,

    Michael

    Wednesday, June 5, 2019 9:07 AM

All replies

  • Hello,

    We opened a Microsoft Support Ticket and we got the answer that .lz4 compressed archives are NOT supported by SCEP (and probably other AVs using the Microsoft Scan Engine).

    Kind Regards,

    Michael

    Monday, July 15, 2019 1:28 PM
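
Because the reply above reports that the scan engine does not unpack .lz4 archives, a content-based sweep can locate such files (whatever their extension) so they can be decompressed or held before scanning. This is an added example, not part of the original thread or of any Microsoft tooling; the function names and the sample files are constructed for illustration, and the magic numbers are those of the LZ4 frame format.

```python
import os
import struct
import tempfile

LZ4_FRAME = 0x184D2204       # current frame format (little-endian at offset 0)
LZ4_LEGACY = 0x184C2102      # legacy frame format
SKIPPABLE_BASE = 0x184D2A50  # skippable frames: 0x184D2A50..0x184D2A5F

def classify_lz4(header: bytes):
    """Return the LZ4 container kind for a file's first bytes, or None."""
    if len(header) < 4:
        return None
    magic = struct.unpack("<I", header[:4])[0]
    if magic == LZ4_FRAME:
        return "lz4-frame"
    if magic == LZ4_LEGACY:
        return "lz4-legacy"
    if (magic & 0xFFFFFFF0) == SKIPPABLE_BASE:
        return "lz4-skippable"
    return None

def find_lz4_files(root: str):
    """Walk root; return sorted (relative path, kind) for files that are LZ4 by content."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify_lz4(fh.read(4))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if kind:
                hits.append((os.path.relpath(path, root), kind))
    return sorted(hits)

def demo():
    """Sweep constructed sample files (magic bytes plus padding, no real payloads)."""
    samples = {
        "backup.lz4": b"\x04\x22\x4d\x18" + bytes(8),
        "renamed.dat": b"\x04\x22\x4d\x18" + bytes(8),  # LZ4 content, other extension
        "old.bin": b"\x02\x21\x4c\x18" + bytes(8),
        "notes.txt": b"plain text",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_lz4_files(root)
```

Calling `find_lz4_files` on a share or upload directory returns the files to route through a decompress-then-scan step; matching on content rather than on the `.lz4` extension also catches renamed archives.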