Hello all,
I don't know if it's a bit late to post a suggestion, but on my wish list would be to have the "decompression bomb" alert to be disabled by default. Any thoughts?
ManFromOz
Why
Because it causes more grief than reassurance, not to mention it is a historic outdated exploit method that in modern computers isn't likely to cause the effect that it was originally designed to do.
This is what I have been saying about this for many, many years in the forums:
The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.
These highly compressed files are generally 'archive' files which are inert, don't present an immediate risk until they are unpacked. If you happen to select 'All packers' in your on-demand scans then you are more likely to come across this type of thing. Personally it is a waste of time scanning 'all packers' and that is why it isn't enabled by default.
That said this isn't a suggestion relevant to the Sandbox/Safe Zone but to the main antivirus scanning engine.