Can antivirus software detect an encrypted file that is infected by a virus?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The answer is yes and no.
Many AV scanners can see inside files that have some simple encryption, such as some versions of Word DOC files that store the macros in an unencrypted state. Some can even see through some other forms of simple encryption.
However, it is safer to assume that all encrypted files will not be scanned properly for viruses. The vast majority of encryption processes are not covered by AV scanners (and that is, in a way, a reassuring fact for those who use encryption).
To properly scan any file, the scanner must have access to the contents in as pure a state as possible. That is just one justification for running a real-time scanner set on detection upon write/create. When a file is decrypted, a temporary or permanent copy is created on the local hard disk, and the real-time scanner would then scan it.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.