Running SPE for NAS (NetApp) 7.5.0.34. Often, when trying to access ZIP files on our CIFS shares, we get entries like the following:
Wed Sep 17 08:28:39 CDT 2014, A container violation has been found Event Severity Level : Warning File name : \\?\UNC\svm_cifs.mcwcorp.net\ontap_admin$\no_commpress_dedup_share_2\xxxxx\Projects\Fax\xxxxxxxxxxxxxxx\New_Archive_20140819T093041.zip File status : NOT REPAIRED Component name : New_Archive_20140819T093041.zip/xxxxxxxxx/ Component disposition : NOT REPAIRED Container Violation : Malformed container (file not scanned) Client SID : S-1-5-21-1926875443-3069047056-2501060693-44010 Client Computer : 141.106.33.108 Client IP : 141.106.33.108 Scan Duration (sec) : 1.797 Connect Duration (sec) : 1.797 Symantec Protection Engine IP address : 141.106.6.157 Symantec Protection Engine Port number : 0 Uptime (in seconds) : 559598 Requesting Host : 141.106.121.185 VServer Name : SVM_CIFS_Shares
Here are what the pertinent settings are set to:
Enable Malformed Container Handling is checked. It is set to Block.
So, my question, why is the product detecting a malformed container? The file is fine, it was scanned before it was copied to the NAS, etc. I of course can get around this by changing it to Log only, but then I potentially leave a security hole.
Anyone have any ideas asto why this is occurring or how to solve it? Thank you!
Michael R.