This content has been marked as final. Show 11 replies
The scanner cannot gain access to the file if it has a password and you don't know the password.
I am running into the same thing with vscan 8.5i under epo 4.0 with latest Patch 2.
Since the engine can't scan password protected files, is there a setting in any of the scanning policies that can turn off scanning of password protected files? I couldn't find one initially but only looked for a moment. Perhaps there isn't one because the engine doesn't know it's a password protected file it is scanning until the moment it scans it, however, you would think a policy option that could turn off alerting of password protected files could be designed or something.
It's not such a problem within EPO because you can filter out any of the Event 1051's if you want to, however the event makes it's way onto the local machine's event viewer and might seem cumbersome to users who have to sift through those event logs all the time and for EPO users, you shouldn't have to look at or always have to filter out all those events, not to mention the extra network traffic required to send all those useless events from every machine to the epo servers. I know the traffic isn't much, but it is enough to be bothersome if you are monitoring traffic to see all these useless event blips all over the place.
Im not all that familiar with ePO 4.0 yet. But in 3.6.1 through the policy catalog you can edit the policy for on-access scanning to not report on [Failure to scan encrypted files]. Not sure if this extends to password protected zip files, but if it does should stop your logs from becoming cluttered with these messages.
Hmm. Tried that setting but it doesn't seem to help for password protected files.
It would be nice if they had a checkbox there for password protected and not just encrypted.
I guess everyone else must just be ignoring these errors in the log?
On second thought, after looking through the logs at thousands of these alerts, everyone can't be ignoring these because it distorts the malware chart making it useless, and that chart is on the default dashboard of EPO 4.0. There must be a way to turn these events off. I mean, it's a useless log event. Pointless to have it making the malware log go crazy for this useless alert.
I may have to put in a call for this one I guess.
I am having the exact same problem and need to stop these annoying alerts in EPO 3.6.1. Please let me know if there is a solution to this.
see my answer on your other thread JohnVee
PS. in EPO 4.0 I filter not to report on events 1051 and 1059 in all malware reporting
And to switch these off in epo 4.0 its
edit button bottom right
dump theones you dont want
Won't events still show up on the local machines event viewer?
Yes they will, but this is not that much load compared to a few thousand machines accumulated instances hitting your server
And in some instances you may find this data usefull so its nice to have it available if you need it