search cancel

Endpoint Protection / Endpoint Security Linux agent continues scanning compressed files despite disabled option in policy

book

Article ID: 232817

calendar_today

Updated On:

Products

Endpoint Security

Issue/Introduction

SEP/SES (Symantec Endpoint Protection / Endpoint Security) Linux Agent continues scanning compressed files despite disabled option in policy (unchecked option for "scan compressed files").

Cause

By design. SES for Linux is meant to always scan compressed files and the option to disable AP compressed scanning has been removed in newer versions of SEPM policy. But compressed file scanning can disabled via local configuration at the SEP/SES Linux Agent. 

Environment

SEP Linux Agent, versions 14.3 RU1 and newer

Resolution

This article applies only to SEP/SES Linux Agent versions 14.3 RU1 or newer. For SEP Linux client 14.3 MP1 or older, see How to configure scanning of compressed files in Endpoint Protection for Linux, 14.3 MP1 or older

To disable compressed file scanning in SEP/SES Linux Agent versions 14.3 RU1 or newer, perform the following actions locally at the client:

  • sudo service sisamdagent stop

  • edit /opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini and set scanner.max.container.depth=0

  • sudo service sisamdagent start

Note that this will disable all compressed file scanning, by autoprotect and scheduled and on-demand scans.

Additional Information

CRE-7785