Detect unlocking password encrypted zip file

A free file archiver for extremely high compression

Brought to you by: ipavlov

Detect unlocking password encrypted zip file

Forum: Open Discussion

Created: 2026-01-09

Updated: 2026-02-01

satk0 - 2026-01-09

Hi 7zipers,

I am trying my best to detect extraction of password-protected zip file. I refered to this: https://www.socinvestigation.com/windows-event-id-5379-to-detect-malicious-password-protected-file-unlock/

I've configured Group Policy as in here: https://learn.microsoft.com/en-us/answers/questions/1045216/event-5379:

Security Settings/Local Policies/Audit Policy/Audit account management

Security Settings/Advanced Audit Policy Configuration/Audit Policies/Account Management/Audit User Account Management

I've created an archive with password.

I've extracted an archive

No event 5379 log file in "Security" event logs. Is there any other way, that I can check extracting password protected file with 7zip? Or am I doing something wrong?

Big thanks in advance!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

mdadm - 2026-02-01

In event viewer you can filter view to see event(s) you want...

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.