Jump to content
  • Announcements

    • Rodion Nagornov

      Долгое сохранение сообщений || Delays while posting   09/20/2017

      По техническим причинам возможно визуально долгое отправление сообщений на форуме. Фактически ваше сообщение публикуется мгновенно - долго отрабатывает графика. В случае подобной ситуации, пожалуйста, сначала обновите страницу (F5) и проверьте, появилось ли ваше сообщение. Не пытайтесь сразу отправить его заново.  || Due to some technical reasons visual delays are possible while message sending. Actually your message is published immediately - just interface works long. In such case, please, do not re-send your message immediately! Press F5 to reload the page and check if your message/topic is published.
mmtag_kav

kes10 sp2 (10.3.0.6294) and Outlook 2016 [In progress]

Recommended Posts

Due to a windows 10 upgrade (from 1511 to 1607), I had to uninstall KES10 Sp1Mr2 (10.2.4.674) and install the only available release KES10 Sp2 (10.3.0.6294) on Kaspersky website.

 

After that in my Outlook 2016, some MS excel attachments with extensions .xlsx are changed to extension .xls_

Pausing KAV, the extension is not changed for new messages.

 

It also changes MS Powerpoint extensions from .pptx to ppt_.

 

Doing the same test with KES10 Sp1Mr3, and the extension is not changed. So it seems to have a bug on KES10 SP2!

 

Going more deeply, I suppose those files were not created originally in MS Excel 2016 or Powerpoint 2016, maybe 2010 or earlier Office versions.

, because if I create from scratch with MS Excel 2016. KES10 SP2 doesn`t change the extension.

 

I couldn`t find a fixpack for KES10 SP2, so where can I get KES10 SP1 MR3 while the fixpack is not available?

 

 

 

Regards,

Michel

 

 

 

Share this post


Link to post
Share on other sites
Due to a windows 10 upgrade (from 1511 to 1607), I had to uninstall KES10 Sp1Mr2 (10.2.4.674) and install the only available release KES10 Sp2 (10.3.0.6294) on Kaspersky website.

 

After that in my Outlook 2016, some MS excel attachments with extensions .xlsx are changed to extension .xls_

Pausing KAV, the extension is not changed for new messages.

 

It also changes MS Powerpoint extensions from .pptx to ppt_.

 

Doing the same test with KES10 Sp1Mr3, and the extension is not changed. So it seems to have a bug on KES10 SP2!

 

Going more deeply, I suppose those files were not created originally in MS Excel 2016 or Powerpoint 2016, maybe 2010 or earlier Office versions.

, because if I create from scratch with MS Excel 2016. KES10 SP2 doesn`t change the extension.

 

I couldn`t find a fixpack for KES10 SP2, so where can I get KES10 SP1 MR3 while the fixpack is not available?

Regards,

Michel

 

Hello,

 

Going ahead, I've just saw it's the "Mail Anti-virus" that is renaming the attachment, even without filter to .xlsx or .pptx.

In the Mail Anti-virus report, I've just saw all the messages with attachments changed, in the column Object with something related to .bin, like "name_of_the_file.xls_//xl/printerSettings/printerSettings1.bin".

If I disable the filter for .bin, it works without change .xlsx to xls_.

So an issue with Mail Anti-virus /Attachment filter/ Rename specified attachment types /.bin on KES10 SP2.

 

How to fix this?

 

Regards,

Michel

 

 

 

 

 

 

 

Share this post


Link to post
Share on other sites
Hello,

 

Going ahead, I've just saw it's the "Mail Anti-virus" that is renaming the attachment, even without filter to .xlsx or .pptx.

In the Mail Anti-virus report, I've just saw all the messages with attachments changed, in the column Object with something related to .bin, like "name_of_the_file.xls_//xl/printerSettings/printerSettings1.bin".

If I disable the filter for .bin, it works without change .xlsx to xls_.

So an issue with Mail Anti-virus /Attachment filter/ Rename specified attachment types /.bin on KES10 SP2.

 

How to fix this?

 

Regards,

Michel

 

Hello,

 

Doing more tests, if I create from scratch a MS Excel 2017 file, save it, attache it and send it. The attachment has the extension preserved!

BUT if I get that file and print, then save, attache it and send it. The attachment has the extension changed !!!!!

 

I found in the web: "...The Office OpenXML format files are actually zip files which contain multiple files within them. Antivirus software may recognize them as such, unzip them,

and analyze the contents individually. Among the files which an Office OpenXML document can contain are files such as ... PrinterSettings1.bin (containing printer settings). "

Ref: "https://www.experts-exchange.com/questions/24701775/bin-files-being-embeeded-into-xlsx-attachments-in-emails.html"

 

Of course for protection, it's better not disable the filter for .bin files.

 

Why does it happens with KES10 SP2 and not in KES10 SP1 MR3 and others earlier versions?

 

 

Regards,

Michel

 

Share this post


Link to post
Share on other sites
verdura   

What if disable "Scan attached archives" in Mail Anti-Virus?

 

I made some test with my environment and it worked fine. No rename! My installation is out of the box...

 

 

Hello,

 

Doing more tests, if I create from scratch a MS Excel 2017 file, save it, attache it and send it. The attachment has the extension preserved!

BUT if I get that file and print, then save, attache it and send it. The attachment has the extension changed !!!!!

 

I found in the web: "...The Office OpenXML format files are actually zip files which contain multiple files within them. Antivirus software may recognize them as such, unzip them,

and analyze the contents individually. Among the files which an Office OpenXML document can contain are files such as ... PrinterSettings1.bin (containing printer settings). "

Ref: "https://www.experts-exchange.com/questions/24701775/bin-files-being-embeeded-into-xlsx-attachments-in-emails.html"

 

Of course for protection, it's better not disable the filter for .bin files.

 

Why does it happens with KES10 SP2 and not in KES10 SP1 MR3 and others earlier versions?

Regards,

Michel

Edited by verdura

Share this post


Link to post
Share on other sites
Hello,

 

Doing more tests, if I create from scratch a MS Excel 2017 file, save it, attache it and send it. The attachment has the extension preserved!

BUT if I get that file and print, then save, attache it and send it. The attachment has the extension changed !!!!!

 

I found in the web: "...The Office OpenXML format files are actually zip files which contain multiple files within them. Antivirus software may recognize them as such, unzip them,

and analyze the contents individually. Among the files which an Office OpenXML document can contain are files such as ... PrinterSettings1.bin (containing printer settings). "

Ref: "https://www.experts-exchange.com/questions/24701775/bin-files-being-embeeded-into-xlsx-attachments-in-emails.html"

 

Of course for protection, it's better not disable the filter for .bin files.

 

Why does it happens with KES10 SP2 and not in KES10 SP1 MR3 and others earlier versions?

 

 

Regards,

Michel

 

Hello.

 

SP2 has improved content scanning for different archived and container formats. If you need to rename .bin attachments but not Office container attachments with .bin files in them, disable the option "Scan attached Office formats".

 

Thank you.

Share this post


Link to post
Share on other sites
Hello.

 

SP2 has improved content scanning for different archived and container formats. If you need to rename .bin attachments but not Office container attachments with .bin files in them, disable the option "Scan attached Office formats".

 

Thank you.

 

 

Hi Kirill,

 

I saw the option "Scan attached Office file format" only exist in KES10 SP2. Now in KES10 Sp1 Mr3 and below doesn't have that option. As you said SP2 has improvements.

But, if I disable this option in KES10 SP2, is the office file going to be scanned in case a virus considering "Scan attached archives" is going to be left enabled or it will leave the file without any scanning?

 

 

Regards,

Michel

Share this post


Link to post
Share on other sites
Hi Kirill,

 

I saw the option "Scan attached Office file format" only exist in KES10 SP2. Now in KES10 Sp1 Mr3 and below doesn't have that option. As you said SP2 has improvements.

But, if I disable this option in KES10 SP2, is the office file going to be scanned in case a virus considering "Scan attached archives" is going to be left enabled or it will leave the file without any scanning?

 

 

Regards,

Michel

 

If you uncheck this option, the files will not be scanned by Mail AV, but they will still be scanned on access by File AV.

If you leave it enabled, and leave the option to rename .bin files enabled, such attachments will be renamed.

 

Thank you.

Share this post


Link to post
Share on other sites
What if disable "Scan attached archives" in Mail Anti-Virus?

 

I made some test with my environment and it worked fine. No rename! My installation is out of the box...

 

Thank you Verdura!

 

Disabling this option is not a good idea, once it won't scan any attachment!

I'll wait for details about disabling "Scan attached Office formats".

 

Regards,

Michel

 

Share this post


Link to post
Share on other sites
If you uncheck this option, the files will not be scanned by Mail AV, but they will still be scanned on access by File AV.

If you leave it enabled, and leave the option to rename .bin files enabled, such attachments will be renamed.

 

Thank you.

 

Thank you Kirill,

 

It's clear!

In earlier releases, what kind of viruses Mail AV used to get from attached Office files once they were all just "attached archives" ?

 

 

Regards,

Michel

Share this post


Link to post
Share on other sites
Thank you Kirill,

 

It's clear!

In earlier releases, what kind of viruses Mail AV used to get from attached Office files once they were all just "attached archives" ?

 

 

Regards,

Michel

 

In earlier versions, the capability for deleting and renaming files of specific types within archives is not implemented. Archive renaming is restricted to the attached file, and number of archive formats whose contents can be scanned is limited. This does not affect the scope of objects that scanning can detect, but rather at which point the detection will happen.

 

Thank you.

Share this post


Link to post
Share on other sites
verdura   
Thank you Verdura!

 

Disabling this option is not a good idea, once it won't scan any attachment!

I'll wait for details about disabling "Scan attached Office formats".

 

Regards,

Michel

 

Sorry! That was what I want to say but somehow I copy the text from the other option.

 

Share this post


Link to post
Share on other sites

hello,  I have almost the same problem and I don't knowhow I can solve this.


Since I use Kaspersky Endpoint Security 1210.3.0.6294 (SP2) I have a problem with receive XLs / xlsx files. XLS was unchecked on the attachment filter tab.
What's the difference between: 


- Scan attached Office Formats and Scan Archive?


What's the effect if I uncheck "Scan Attached Office Formats" if I received a ransomware in excel file by e-mail? The file will be scan anyway by file access AV?
Thanks in advance for your help. 

Share this post


Link to post
Share on other sites
4 часа назад, florian.blanc сказал:

hello,  I have almost the same problem and I don't knowhow I can solve this.


Since I use Kaspersky Endpoint Security 1210.3.0.6294 (SP2) I have a problem with receive XLs / xlsx files. XLS was unchecked on the attachment filter tab.
What's the difference between: 


- Scan attached Office Formats and Scan Archive?


What's the effect if I uncheck "Scan Attached Office Formats" if I received a ransomware in excel file by e-mail? The file will be scan anyway by file access AV?
Thanks in advance for your help. 

Hi,

Could you please create incident in CompanyAccount and request pf3076.

Thank you!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×