1 2 Previous Next 11 Replies Latest reply on Jul 31, 2008 7:33 AM by jsuuronen

    Unable to Scan Password Protected File - Alert Manager

      I know we are receiving hundereds of these warnings - I know now how to stop the emails but why is it happening? I know that my event logs are full now of these messages. WHY????

      Could someone at Mcafee please explain to us poor end users what they are doing about this problem and when it will be fixed because it shouldn't be there by 'design'.
        • 1. RE: Unable to Scan Password Protected File - Alert Manager
          jmcleish
          The scanner cannot gain access to the file if it has a password and you don't know the password.
          • 2. RE: Unable to Scan Password Protected File - Alert Manager
            I am running into the same thing with vscan 8.5i under epo 4.0 with latest Patch 2.

            Since the engine can't scan password protected files, is there a setting in any of the scanning policies that can turn off scanning of password protected files? I couldn't find one initially but only looked for a moment. Perhaps there isn't one because the engine doesn't know it's a password protected file it is scanning until the moment it scans it, however, you would think a policy option that could turn off alerting of password protected files could be designed or something.

            It's not such a problem within EPO because you can filter out any of the Event 1051's if you want to, however the event makes it's way onto the local machine's event viewer and might seem cumbersome to users who have to sift through those event logs all the time and for EPO users, you shouldn't have to look at or always have to filter out all those events, not to mention the extra network traffic required to send all those useless events from every machine to the epo servers. I know the traffic isn't much, but it is enough to be bothersome if you are monitoring traffic to see all these useless event blips all over the place.

            -McLovin
            • 3. Policies
              Im not all that familiar with ePO 4.0 yet. But in 3.6.1 through the policy catalog you can edit the policy for on-access scanning to not report on [Failure to scan encrypted files]. Not sure if this extends to password protected zip files, but if it does should stop your logs from becoming cluttered with these messages.
              • 4. RE: Policies
                Hmm. Tried that setting but it doesn't seem to help for password protected files.

                It would be nice if they had a checkbox there for password protected and not just encrypted.
                I guess everyone else must just be ignoring these errors in the log?

                On second thought, after looking through the logs at thousands of these alerts, everyone can't be ignoring these because it distorts the malware chart making it useless, and that chart is on the default dashboard of EPO 4.0. There must be a way to turn these events off. I mean, it's a useless log event. Pointless to have it making the malware log go crazy for this useless alert.

                I may have to put in a call for this one I guess.
                • 5. Is there a solution to this??
                  I am having the exact same problem and need to stop these annoying alerts in EPO 3.6.1. Please let me know if there is a solution to this.
                  • 6. RE: Is there a solution to this??
                    tonyb99
                    see my answer on your other thread JohnVee
                    • 7. RE: Is there a solution to this??
                      tonyb99
                      PS. in EPO 4.0 I filter not to report on events 1051 and 1059 in all malware reporting

                      And to switch these off in epo 4.0 its

                      configuration
                      server settings
                      event filtering
                      edit button bottom right
                      dump theones you dont want
                      • 8. RE: Is there a solution to this??
                        Won't events still show up on the local machines event viewer?
                        • 9. RE: Is there a solution to this??
                          tonyb99
                          Yes they will, but this is not that much load compared to a few thousand machines accumulated instances hitting your server

                          And in some instances you may find this data usefull so its nice to have it available if you need it
                          1 2 Previous Next