Microsoft KB Archive/939418



Antigen deletes some .zip files, and the Kaspersky engine returns the virus name as "PASSWORD-PROTECTED-EXE"

Article ID: 939418

Article Last Modified on 12/18/2007



APPLIES TO

  • Microsoft Antigen for Exchange
  • Microsoft Antigen for SMTP Gateways
  • Microsoft Antigen Spam Manager



Important: This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows XP and Windows Vista


SYMPTOMS

On a computer that has Microsoft Antigen 9.0 or Forefront Server Security installed, Antigen or Forefront deletes some compressed (.zip) files. Additionally, the Kaspersky engine returns the virus name as "PASSWORD-PROTECTED-EXE."

This behavior occurs if the following conditions are true:

  • The .zip file is protected with a password.
  • The .zip file contains executable files.


CAUSE

This behavior is a feature that is offered by the Kaspersky engine in Antigen products and in Microsoft Forefront Security products.

WORKAROUND

To work around this behavior, disable the feature that is offered by the Kaspersky engine. To do this, follow these steps.

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\100

  3. Create a new DWORD registry value that is called AntigenEncryptedReturnNotInfected, and then type 1 in the Value data box.

You do not have to restart Antigen/Forefront or Microsoft Exchange Server services to enable the registry value.

Note: The AntigenEncryptedReturnNotInfected registry value will take effect only if you are using update version 0704110011 or a later version of the Kaspersky engine. We recommend that you update the Kaspersky engine to make sure that you are using an appropriate engine version.
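Steps 1 to 3 scripted in PowerShell, as an added example that is not part of the original KB article: it reports the current state of the value, exports the subkey as a backup, creates the DWORD value, and reads it back. The `-Mode`, `-EngineUpdateVersion` and `-BackupDir` parameters and the backup file name are assumptions made for this example; the engine update version is typed in by the operator, not read from the system.

```powershell
# Added example, not from the KB article. Save as a .ps1 file and run it in an
# elevated PowerShell session on the Antigen/Forefront server.
param(
    # Hypothetical parameter: Kaspersky engine update version, supplied by the operator.
    [string]$EngineUpdateVersion,
    # Audit only reports; Enable applies the workaround; Revert removes the value again.
    [ValidateSet('Audit', 'Enable', 'Revert')]
    [string]$Mode = 'Audit',
    [string]$BackupDir = $env:TEMP
)

$KeyPath   = 'HKLM:\SOFTWARE\KasperskyLab\Components\100'
$ValueName = 'AntigenEncryptedReturnNotInfected'
$MinUpdate = [long]'0704110011'   # minimum engine update version named in the article

function Get-WorkaroundState {
    # Returns 'NotSet' when the value is absent, otherwise its DWORD data.
    $p = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $p) { 'NotSet' } else { [int]$p.$ValueName }
}

# Step 2 says to locate the subkey, so a missing subkey is treated as an error
# instead of being created silently.
if (-not (Test-Path $KeyPath)) {
    throw "Subkey $KeyPath not found. Nothing was changed."
}

"Current $ValueName : $(Get-WorkaroundState)"
if ($Mode -eq 'Audit') { return }

# Back up the subkey before modifying it, as the article instructs.
$backup = Join-Path $BackupDir ("KasperskyComponents100_{0:yyyyMMdd_HHmmss}.reg" -f (Get-Date))
& reg.exe export 'HKLM\SOFTWARE\KasperskyLab\Components\100' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry export failed. Nothing was changed." }
"Backup written to $backup"

if ($Mode -eq 'Enable') {
    if ($EngineUpdateVersion -and [long]$EngineUpdateVersion -lt $MinUpdate) {
        Write-Warning "Engine update $EngineUpdateVersion is older than 0704110011; the value takes effect only after the engine is updated."
    }
    # Step 3: create the DWORD value with data 1.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
} else {
    Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
}
"New $ValueName : $(Get-WorkaroundState)"
```

Running the script with no arguments (`Audit` mode) changes nothing and can be used to check which servers already have the value set.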

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Keywords: kbtshoot kbexpertiseinter kbprb KB939418