"Could not scan [#] files inside [path][filename] due to extraction errors encountered by the Decomposer Engines" during a scan

book

Article ID: 178200

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

During a scheduled scan or a manual scan, you see an entry in the Windows Event Viewer - Application log that is similar to the following:

"Could not scan 1 files inside C:\Winzip81.exe due to extraction errors encountered by the Decomposer Engines."

"Could not scan [#] files inside [path][filename] due to extraction errors encountered by the Decomposer Engines"

Cause

This message indicates that a file cannot be scanned. In most cases this is a limitation of the Decomposer Engine's ability to scan compressed or locked files and does not indicate a malfunction in the product.

Resolution

This event is typically encountered when any of the following occur:

  • You scan a file whose content resembles a MIME-encoded archive; see Decomposer Engine errors when performing AntiVirus scans of plain text file
  • You scan an archived file whose compressed size is less than the decomposer's 10-byte minimum.
  • You scan a compressed archive that contains a password-protected file;
    The decomposer engine cannot provide the password required to gain access to the file, so it will be omitted during a scan.
  • You scan files that have been locked for access by the operating system and access cannot be released to the scanner because the file is in use.
  • You scan files that are recursively compressed to a depth that is more than the scan engine is set to scan.
    By default, the scan engine is set to scan a maximum depth of three levels (for example, a zip file contained within a zip file contained within another zip file).
  • You scan files with LH7 compression, which is not a supported format.
    These compressed files commonly have a .lzh extension, and they are omitted by the scan.
  • You scan files that are in use by another user.
    This is most commonly seen when you scan user directories and shared folders and that user has the document in question opened for editing.
  • You scan files that have file system permissions set to deny access.
  • Corruption exists in the virus definitions.
  • Archived files have an extension that is not set in a Custom Scan's "selected extensions".
  • You scan the files has .p7 extension and content type key has x-pkcs-mime, it is either encrypted or contains signed data.

 

 

 

 

 

Attachments