Can antivirus software detect an encrypted file that is infected by a virus?
The answer is yes and no.
Many AV scanners can see inside files that have some simple encryption, such as some versions of Word DOC files that store the macros in an unencrypted state. Some can even see through some other forms of simple encryption.
However, it is safer to assume that all encrypted files will not be scanned properly for viruses. The vast majority of encryption processes are not covered by AV scanners (and that is, in a way, a reassuring fact for those who use encryption).
To properly scan any file, the scanner must have access to the contents in as pure a state as possible. That is just one justification for running a real-time scanner set on detection upon write/create. When a file is decrypted, a temporary or permanent copy is created on the local hard disk, and the real-time scanner would then scan it.
Dig Deeper on Endpoint protection and client security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.