Endpoint Protection

  • 1.  Symantec Endpoint EventID 6 warnings

    Posted Jan 18, 2011 02:46 PM

    Is there any way to prevent Symantec Endpoint version 11.0.6xxxx from creating an event in the application log every time SEP is unable to scan inside a file? I reviewed the following article but it isn't helpful: http://www.symantec.com/business/support/index?page=content&id=TECH99755

    Specifically, I'm receiving the message:

    Log Name:      Application
    Source:        Symantec AntiVirus
    Date:          1/17/2011 10:17:35 PM
    Event ID:      6
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      xxxxxxxxxxxxxxxxx
    Description:
     

    Could not scan 2 files inside c:\temp\Tools\Setup\xxxxxx.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
    For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=11.0.6100.463&language=english&module=1000&error=0014&build=symantec_ent

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Symantec AntiVirus" />
        <EventID Qualifiers="33023">6</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2011-01-18T03:17:35.000000000Z" />
        <EventRecordID>42251</EventRecordID>
        <Channel>Application</Channel>
        <Computer>xxxxxxxxxx</Computer>
        <Security />
      </System>
      <EventData>
        <Data>

    Could not scan 2 files inside c:\temp\Tools\Setup\_5_RTL_x86_enu_NewFile_Items.cab due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
    For more information, please go to: http://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&amp;version=11.0.6100.463&amp;language=english&amp;module=1000&amp;error=0014&amp;build=symantec_ent
    </Data>
      </EventData>
    </Event>



  • 2.  RE: Symantec Endpoint EventID 6 warnings

    Posted Jan 18, 2011 02:52 PM

    It basically means the engine wasn't able to scan inside a compressed (zipped) file or if a file was locked. You can ignore these. There is nothing to prevent these that I'm aware of.



  • 3.  RE: Symantec Endpoint EventID 6 warnings

    Posted Jan 19, 2011 01:28 AM

    You can set the levels to be scanned to avoid this message.

     



  • 4.  RE: Symantec Endpoint EventID 6 warnings

    Posted Jan 19, 2011 03:01 AM

    Hi Seed,

    I agree with the above advice: Event ID 6 messages can safely be ignored.

    Here is an official article on the subject: "Could not scan [#] files inside [path][filename] due to extraction errors encountered by the Decomposer Engines" during a scan (http://www.symantec.com/docs/TECH99755)

    I recommend having a look at the logging configuration passed down to clients from the SEPM.  It's possible to set SEP clients so that they do not forward this (and other additional) high-volume, low-importance messages to the SEPM.  That will keep the SEPM's reports from being full of these and will help keep the SEPM database size down.

    Hope this helps!

    Thanks and best regards,

    Mick
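
To see which archives account for the Event ID 6 noise discussed in this thread, the following added example (not posted by any participant and not Symantec code) tallies the warnings per archive from Event XML in the layout shown in the first post. The sample records, the `<Events>` wrapper, the second provider name and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Message wording taken from the Event ID 6 record quoted in the thread.
MSG_RE = re.compile(r"Could not scan (\d+) files? inside (.+?) due to extraction errors", re.S)

def _event(provider, event_id, message):
    """Build one constructed Event record in the layout shown in the thread."""
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="{provider}" />'
            f'<EventID Qualifiers="33023">{event_id}</EventID></System>'
            f'<EventData><Data>\n{message}\n</Data></EventData></Event>')

_MSG = "Could not scan {n} files inside {p} due to extraction errors encountered by the Decomposer Engines."
# Constructed sample data: paths, counts and "Example Provider" are made up.
SAMPLE = "<Events>" + "".join([
    _event("Symantec AntiVirus", 6, _MSG.format(n=2, p=r"c:\temp\Tools\Setup\example_a.cab")),
    _event("Symantec AntiVirus", 6, _MSG.format(n=2, p=r"C:\Temp\Tools\Setup\example_a.cab")),
    _event("Symantec AntiVirus", 6, _MSG.format(n=1, p=r"c:\temp\Tools\Setup\example_b.zip")),
    _event("Symantec AntiVirus", 51, "Unrelated constructed message."),
    _event("Example Provider", 6, _MSG.format(n=9, p=r"c:\other\ignored.cab")),
]) + "</Events>"

def summarize_event6(xml_text):
    """Return {archive_path: (event_count, unscanned_file_total)} for SEP Event ID 6."""
    totals = {}
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        provider = ev.find("e:System/e:Provider", NS)
        event_id = ev.findtext("e:System/e:EventID", default="", namespaces=NS).strip()
        # Only the provider/ID pair from the thread; other warnings are left alone.
        if provider is None or provider.get("Name") != "Symantec AntiVirus" or event_id != "6":
            continue
        text = " ".join(d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS))
        match = MSG_RE.search(text)
        if not match:
            continue
        path = match.group(2).strip().lower()  # Windows paths are case-insensitive
        events, files = totals.get(path, (0, 0))
        totals[path] = (events + 1, files + int(match.group(1)))
    return totals

if __name__ == "__main__":
    ranked = sorted(summarize_event6(SAMPLE).items(), key=lambda kv: -kv[1][0])
    for path, (events, files) in ranked:
        print(f"{events:3d} events  {files:3d} unscanned files  {path}")
```

An archive that appears on every scheduled scan is the usual source of the volume; one that appears once on a single machine is easier to look at individually.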