Microsoft KB Archive/939418

= Antigen deletes some .zip files, and the Kaspersky engine returns the virus name as &quot;PASSWORD-PROTECTED-EXE&quot; =

Article ID: 939418

Article Last Modified on 12/18/2007

-

APPLIES TO


 * Microsoft Antigen for Exchange
 * Microsoft Antigen for SMTP Gateways
 * Microsoft Antigen Spam Manager

-



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows XP and Windows Vista



SYMPTOMS
On a computer that has Microsoft Antigen 9.0 or Forefront Server Security installed, Antigen or Forefront deletes some compressed (.zip) files. Additionally, the Kaspersky engine returns the virus name as &quot;PASSWORD-PROTECTED-EXE.&quot;

This behavior occurs if the following conditions are true:
 * The .zip file is protected with a password.
 * The .zip file contains executable files.



CAUSE
This behavior is a feature that is offered by the Kaspersky engine in Antigen products and in Microsoft Forefront Security products.



WORKAROUND
To work around this behavior, disable the feature that is offered by the Kaspersky engine. To do this, follow these steps.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.  Click Start, click Run, type regedit, and then click OK. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\100

 Create a new DWORD registry value that is called AntigenEncryptedReturnNotInfected, and then type 1 in the Value data box.

You do not have to restart Antigen/Forefront or Microsoft Exchange Server services to enable the registry value.

Note The AntigenEncryptedReturnNotInfected registry value will take effect only if you are using update version 0704110011 or a later version of the Kaspersky engine. We recommend that you update the Kaspersky engine to make sure that you are using an appropriate engine version.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Keywords: kbtshoot kbexpertiseinter kbprb KB939418

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.