Entries in the Protection Engine logs (SPE) show a lot of decomposer 52 and 21 errors. As a result the dashboard report in the cloud console shows a river of errors where it reports infections and or malware related to the files.
Release : 8.2.2
The decomposer errors seemed to stem from the fact that all of the files reported (mostly zip and speadsheet (*.xlsx) contained files that are/were encrypted or password protected. The scan engine could therefore not open them.
Turning off the option in the configuration to scan Encrypted File Archives reduced the number decomposer 52 errors in the SPE logs and malware infections in the cloud console to almost zero.
This configuration change can also be done from a command-line:
Windows ( C:\Program Files\Symantec\Scan Engine\ )
xmlmodifier -s //filtering/Container/EncryptedContainersHandling/@enabled false filtering.xml
Linux ( /opt/SYMCScan/bin )
./xmlmodifier -s //filtering/Container/EncryptedContainersHandling/@enabled false filtering.xml
Do one of the following:
./xmlmodifier -s //configuration/Logging/LogSMTP/@loglevel <value> configuration.xml