Starting late November 2025, Windows endpoints will classify only outer archive files (e.g., .zip, .rar) directly, improving consistency and performance. Internal files won't generate events, and no action is needed. Organizations should update documentation if necessary; no compliance issues are identified.
[Introduction]
We are updating archive file classification behavior on Windows endpoints to align with cloud workloads. This change improves consistency, reduces noise in event reporting, and enhances performance when processing archive files.
[When this will happen:]
The change will begin rolling out late November 2025 and will apply automatically.
[How this affects your organization:]
- Who is affected: All organizations using Windows endpoints with archive file classification enabled.
- What will happen:
- Outer archive files (e.g., .zip, .rar) will now be classified directly.
- Classification will be atomic for improved consistency and reduced latency.
- Internal files within archives will no longer generate individual events; only the outer archive file will be reported.
- Context and label-based rules will not apply to files inside the archive.
- No admin or user action is required for this change to take effect.
[What you can do to prepare:]
- No action is required.
- If you maintain internal documentation on classification behavior, consider updating it to reflect these changes.
[Compliance considerations:]
No compliance considerations identified, review as appropriate for your organization.