SEP/SES (Symantec Endpoint Protection / Endpoint Security) Linux Agent continues scanning compressed files despite disabled option in policy (unchecked option for "scan compressed files").
By design. SES for Linux is meant to always scan compressed files and the option to disable AP compressed scanning has been removed in newer versions of SEPM policy. But compressed file scanning can disabled via local configuration at the SEP/SES Linux Agent.
SEP Linux Agent, versions 14.3 RU1 and newer
This article applies only to SEP/SES Linux Agent versions 14.3 RU1 or newer. For SEP Linux client 14.3 MP1 or older, see How to configure scanning of compressed files in Endpoint Protection for Linux, 14.3 MP1 or older
To disable compressed file scanning in SEP/SES Linux Agent versions 14.3 RU1 or newer, perform the following actions locally at the client:
Note that this will disable all compressed file scanning, by autoprotect and scheduled and on-demand scans.