Some malicious codes change a file’s original extension in order to trick users into opening the file (the extension displayed to users is not the real one).
ContentFilter is the protection module that prevents this action.
For the ContentFilter protection to be able to classify double-extension files as dangerous, the following requirements must be met:
- The first extension must be included in the list of extensions scanned by the permanent protection. If the extension is not present in the default list included in the program, you must enter it.
To verify this,
- In the Windows workstations settings, select the Antivirus File protection settings.
- In the What to scan tab, click Files to scan..., select Extensions... button.
- Verify the extension you want to exclude is included in the list. If not, type it in the New extension box and click Ok.
Note: In a sample.ext1.ext2 file, the first extension is ext1.
- The first extension must be registered in the system. Check out the registry key HKEY_CLASSES_ROOT (Windows Registry editor).
To check it out,
- Open the Windows registry editor.
- Go to HKEY_CLASSES_ROOT registry key and make sure a child key with the name of the extension is displayed. For example: [HKEY_CLASSES_ROOT\.ext1]
- If it is not listed, simply open the .ext1 file with the program you want to use to open it. By doing so, the system will automatically register it.
Once both requirements are met the ContentFilter protection in Panda for Desktops will filter out files of the sample.ext1.ext2 type.