… expecting the web shield to scan encrypted connections ??? ;D … the web shield scans mainly in memory, not at disk level, allowing it to abort connections before anything reaches the file system … so yeah, may be read the forums, search the threads etc… this has been asked a million times already.
That’s a good question… but it didn’t.
If the other files got detected, then it wasn’t by the WebShield; in case of the .com file, it could have been FileSystem Shield detecting the file being written to disk, as for the ZIP files… hard to say, they shouldn’t have been detected unless you had changed some FileSystem Shield settings to unpack archives.
OK. It’s the Explorer extracting the ZIP content into a temporary folder (most likely at the moment when the download is finished and you “open” the archive) - and that extraction is being scanned by the FileSystem Shield.
Anyway, WebShield doesn’t scan HTTPS connections, so these detections are kind of side-effects of something else (such as someone actually extracting the archive).
Oh , when i open the zip folder , there is a MS-DOS application in it , called eicar , if i right click the eicar application , i only see , open , copy , cut , remove , and properties , i click open then the popup comes.