Allow or Disallow Scanning of Archives using Intune Policy

Let’s discuss how to Allow or Disallow the Scanning of Archives using the Intune Policy. This policy controls how security software (like antivirus) handles archive files, such as .ZIP or .CAB, during scans for harmful or unwanted software. It decides whether the antivirus will check inside archive files for threats during regular scans. Archive files are compressed folders that might hide harmful files.

If the policy is Enabled or Not Configured, archive files like .ZIP or .CAB will always be scanned during routine checks. This provides better protection by ensuring no hidden threats are missed, but the scans might take longer.

If the policy is Disabled, archive files won’t be scanned during regular checks. However, the files inside will still be checked if you manually scan a specific archive (for example, by right-clicking it and choosing to scan). Turning this off can speed up scans but increases the risk of missing hidden threats.

This post provides all the information about turning on or off the scanning of archive files, such as .ZIP or .CAB, using an Intune policy. It explains how the policy works, its settings, and how it affects security and performance.

Windows CSP AllowArchiveScanning

The CSP policy in Windows lets you configure different settings on Windows 10 and later devices using mobile device management (MDM) tools like Intune. These settings are applied using OMA-URI settings, such as AllowArchiveScanning.

  • This policy applies to Devices (not Users).
  • It works with Windows 10 versions 1607 and later, including editions like Pro, Enterprise, Education, Windows SE, and IoT Enterprise / IoT Enterprise LTSC.
  • The path for this setting is:
    • ./Device/Vendor/MSFT/Policy/Config/Defender/AllowArchiveScanning

| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device, ❌ User | ✅ Pro, ✅ Enterprise, ✅ Education, ✅ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC | Windows 10, version 1607 [10.0.14393] and later |

Allow or Disallow Scanning of Archives using Intune Policy – Table 1
Allow or Disallow Scanning of Archives using Intune Policy – Fig.1

Allows or Disallows Scanning of Archives using Intune Policy

Sign in to the Microsoft Intune admin center: https://intune.microsoft.com. Select Devices > Configuration profiles > Create profile. To create a profile, first choose the platform: select Windows 10 and later.

  • Then, pick the profile type by selecting Settings Catalog. After that, click the Create button.
Allow or Disallow Scanning of Archives using Intune Policy – Fig.2

Create Profile In Basics Settings

In the Basics section, enter a clear name for the profile. You can also add a description if needed (this step is optional). Then, click Next to continue. The screenshot below shows more details.

Allow or Disallow Scanning of Archives using Intune Policy – Fig.3

Defender

In the Configuration settings section, click Add settings. This will open the settings picker. Choose a category to view all the available options. You can browse by category or search the list for your desired settings.

  • Search for Defender, then select Allow Archive Scanning.
Allow or Disallow Scanning of Archives using Intune Policy – Fig.4

Allow Archive Scanning

This setting lets you choose whether to allow or block the scanning of archive files. The dropdown menu has two options: allow or block.

  • Allowed – Scans archive files.
  • Not allowed – Turns off scanning for archive files.
Allow or Disallow Scanning of Archives using Intune Policy – Fig.5

Scope Tags and Assignments

Scope tags and assignments are features used to manage and organise settings in a profile. You can add them to a profile to help categorise and filter them. They make identifying and managing profiles across different groups or devices easier.

Allow or Disallow Scanning of Archives using Intune Policy – Fig.6

Review + Create

The Review + Create tab is the final step in setting up a profile. In this section, you can review your selected settings and configurations. It summarises the profile details, including the platform, settings, scope tags, and assignments.

Allow or Disallow Scanning of Archives using Intune Policy – Fig.7

Monitoring Status

The Scanning of Archives policy was created successfully. The Succeeded value shows 1, meaning the creation was successful. The screenshot below provides more details about this process.

Allow or Disallow Scanning of Archives using Intune Policy – Fig.8

Client Side Verification

The event shows the MDM PolicyManager setting the AllowArchiveScanning policy under the Defender area. The requesting EnrollmentID is B1E9301C-8666-412A-BA2F-3BF8A55BFA62. The policy is applied to the Device, and the Int value is 0x0. The Enrollment Type is 0x6, and the Scope is 0x0. These details describe the policy configuration being applied through MDM.

To confirm this, check the Event log path: Applications and Services Logs – Microsoft – Windows – DeviceManagement-Enterprise-Diagnostics-Provider – Admin.
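
The same verification can be scripted. The PowerShell below is an added example, not code from the original post: it pulls the latest Admin-log events that mention AllowArchiveScanning and compares the value MDM delivered with what Microsoft Defender reports. The PolicyManager registry location and the mapping of 0 to Not allowed and 1 to Allowed are assumptions based on Microsoft's CSP documentation and standard Windows behaviour, not details taken from this page.

```powershell
# Added example (not from the original post): verify AllowArchiveScanning on a client.
# Run in an elevated PowerShell session on the enrolled device.
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$policy  = 'AllowArchiveScanning'

# 1. Latest Admin-log entries that mention the policy (Get-WinEvent returns newest first).
$events = @(Get-WinEvent -LogName $logName -MaxEvents 2000 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $policy } |
    Select-Object -First 3 TimeCreated, Id, Message)

# 2. Value PolicyManager stored for the device scope (assumed location).
#    An absent value means the policy is not configured, so Defender keeps its default.
$regPath  = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Defender'
$mdmValue = (Get-ItemProperty -Path $regPath -Name $policy -ErrorAction SilentlyContinue).$policy

# 3. What Defender itself reports. DisableArchiveScanning is the inverse of the CSP value.
$defenderDisabled = (Get-MpPreference).DisableArchiveScanning

# CSP mapping (assumption from Microsoft's documentation): 0 = Not allowed, 1 = Allowed.
$expectedDisabled = ($null -ne $mdmValue) -and ([int]$mdmValue -eq 0)

# Summary: does Defender's effective setting match what MDM delivered?
[pscustomobject]@{
    MdmValue               = if ($null -eq $mdmValue) { 'Not configured' } else { $mdmValue }
    DefenderArchiveScanOff = $defenderDisabled
    Consistent             = ($defenderDisabled -eq $expectedDisabled)
    LastPolicyEvent        = if ($events.Count) { $events[0].TimeCreated } else { 'No event found' }
}

# Full text of the matching events, to compare with the values shown in the Admin log.
$events | Format-List TimeCreated, Id, Message
```

A Consistent value of False means Defender's effective setting differs from what MDM delivered, for example because another management channel such as Group Policy also sets it or the device has not yet synced.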

Allow or Disallow Scanning of Archives using Intune Policy – Fig.9

Author

Anoop C Nair has been a Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.
