search cancel

Entries in the Protection Engine logs (SPE) show a lot of decomposer 52 errors

book

Article ID: 256417

calendar_today

Updated On:

Products

Protection Engine for NAS

Issue/Introduction

Entries in the Protection Engine logs (SPE) show a lot of decomposer 52  and 21 errors. As a result the dashboard report in the cloud console shows a river of errors where it reports infections and or malware related to the files.

Environment

Release : 8.2.2

Cause

The decomposer errors seemed to stem from the fact that all of the files reported (mostly zip and speadsheet (*.xlsx) contained files that are/were encrypted or password protected. The scan engine could therefore not open them.

 

 

Resolution

Turning off the option in the configuration to scan Encrypted File Archives reduced the number decomposer 52 errors in the SPE logs and malware infections in the cloud console to almost zero.

This configuration change can also be done from a command-line:

Windows ( C:\Program Files\Symantec\Scan Engine\ )


xmlmodifier -s //filtering/Container/EncryptedContainersHandling/@enabled false filtering.xml

Linux ( /opt/SYMCScan/bin )


./xmlmodifier -s //filtering/Container/EncryptedContainersHandling/@enabled false filtering.xml

Attachments