How to use Antimalware Scan on Archive
Thanks to Antimalware Scan Interface (AMSI) from Windows 10, Bandizip provides a feature of antimalware scan on an archive, which can detect malware in the archive without decompression.
- This feature is only available on Windows 10.
- This feature performs the scan with the antivirus software already installed on the system.
- This feature does not work if the real-time protection of Windows 10 is disabled.
- This feature does not guarantee that it can detect malware in all types of archives.
- On Bandizip Standard Edition, this feature scans only a file whose size is 1 MB or less among the files in the archive.
How to use
Open an archive with Bandizip and click Scan in the toolbar. You will be notified if any malware is detected.
About Antimalware Scan Interface (AMSI)
Taking countermeasures against malware is a very important issue in the PC environment. Microsoft has introduced Antimalware Scan Interface (AMSI) accordingly, a standard which allows software to call other Antivirus software (AV software) and perform a scan for malware.
Thanks to AMSI, the antimalware scan can be performed using only the content in memory and there is no need to store any infected files in storage. Bandizip scans an archive with AMSI and detects malware in the archive without decompression.
- Windows 10 to offer application developers new malware defenses
- Windows Dev Center - Antimalware Scan Interface (AMSI)
AV Software supporting AMSI
AMSI is available on Windows 10, and Windows Defender which is a built-in antimalware component of Windows 10 supports AMSI as well. Even when you are using other third-party AV software, Bandizip can perform the antimalware scan using AMSI if the software supports AMSI.
As of February 2020, the following AV software supports AMSI:
- Windows Defender
If the third-party AV software which is installed on your system does not support AMSI, AMSI becomes disabled or fails to work properly, and Bandizip cannot perform the antimalware scan.
The following AV software does NOT support AMSI:
- Tencent PC Manager
Why does archiving software need to provide a feature of antimalware scan?
Most AV software can detect malware (such as viruses and ransomware) hidden in an archive. Because the AV software is not archiving software, however, the antimalware scan on an archive which is performed solely by AV software may fail in the following cases:
- The archive is encrypted.
- The archive is in an uncommon format.
- The archive is compressed with an uncommon algorithm.
- The AV software does not scan archives before decompression.
Archiving software such as Bandizip, which does specialize in handling archive files, can provide fast and accurate malware detection with a scan optimized for the characteristics of the archive.
Sample files for detection tests
The sample files below are not detected as malware by most AV software.
The following links provide detection results of the sample files from VirusTotal. You may find that the sample files are hardly detected as malware by AV software.
The samples provided in the links are EICAR test files and NOT actual malware. You may learn more about EICAR in the links below.
This feature may fail to detect malware under the following conditions:
- The AV software installed on the system cannot detect the very type of malware.
- Multiple products of AV software are installed on the system.
- The real-time protection or AMSI support of the AV software is disabled.
- Another archive file is contained in the archive.
- AMSI support of the AV software does not work properly due to other reasons.
This feature cannot detect malware under the following conditions:
- The size of the file in the archive is 1MB or larger. (Free Edition)
- The size of the file in the archive is 10MB or larger. (Paid Edition)
- The OS is not Windows 10.
- The archive is encrypted and the correct password cannot be provided.
- Bandizip does not support the format or the compression algorithm which is used for the archive.
If AMSI initialization fails, try the following steps to solve the issue.
0x80070015. The device is not ready.
Real-time protection is currently off.
- Select Start > Settings > Update & Security > Windows Security > Virus & threat protection > Manage settings.
- Switch the Real-time protection setting to On and choose Yes to verify.
0x80070103. No more data is available.
The AV software on your system does not support AMSI. Uninstall it and install other AV software supporting AMSI instead, and then try again. (Windows 10 comes with Windows Defender, built-in AV software supporting AMSI.)