Symantec Protection Engine protects your network from the file attachments that can overload the system and consume scanning performance and degrade performance.
This protection includes the container files that have any of the following characteristics:
Contain large numbers of embedded, compressed files
Are designed to maliciously use resources and degrade performance
To enhance scanning performance and reduce your exposure to denial-of-service attacks, you can impose limits to control how Symantec Protection Engine handles container files.
You can specify the following limits for handling container files:
The maximum amount of time, in seconds, that is spent decomposing a container file and its contents
This setting does not apply to .hqx or .amg files.
The maximum file size, in MB, for the individual files that are in a container file
The maximum number of nested levels to be decomposed for scanning
The maximum number of bytes that are read when determining whether a file is MIME-encoded
Symantec Protection Engine scans a file and its contents until it reaches the maximum depth that you specify. Symantec Protection Engine stops scanning any file that meets the maximum file size limit or that exceeds the maximum amount of time to decompose. It then generates a log entry. Symantec Protection Engine resumes scanning any remaining files. This process continues until Symantec Protection Engine scans all of the files to the maximum depth (that do not meet any of the processing limits).
You can specify whether to allow or to deny access to files for which an established limit is met or exceeded. Access is denied by default.
If you allow access to a file that has not been fully scanned, you can expose your network to risks. If you allow access and Symantec Protection Engine detects a risk, it does not repair the file, even if under normal circumstances the file can be repaired. In this case, the file is handled as though the file is unrepairable.
To set container file limits
In the console on the primary navigation bar, click Policies.
In the sidebar under Views, click Filtering.
In the content area on the Container Handling tab, under Container File Processing Limits, in the Time to extract file meets or exceeds box, type the maximum time that Symantec Protection Engine can spend extracting a single container file.
The default setting is 180 seconds (3 minutes). To disable this setting (so that no limit is imposed), type 0.
In the Maximum extract size of file meets or exceeds box, type the maximum file size, in MB, for individual files in a container file.
The maximum value that you can specify for individual files in tar, rar, and zip containers is 30719 MB (~30 GB). The maximum value that you can specify for other containers is 1907 MB (~2 GB).
The default setting is 100 MB. To disable this setting (so that no limit is imposed), type 0.
In the Maximum extract depth of file meets or exceeds box, type the maximum number of nested levels of files that are decomposed within a container file.
The default setting is 10 levels. The maximum value for this setting is 50.
Under When processor limit is met (or exceeded), select whether to allow or deny access to container files for which one or more limits are exceeded.
Access is denied by default.
Under NonMIME threshold, in the No determination after reading box, type the maximum number of bytes that Symantec Protection Engine should scan to determine whether a file is MIME-encoded.
The default setting is 200000 bytes. If Symantec Protection Engine reads the maximum number of bytes and cannot determine whether the file is MIME-encoded, the file is considered to be non-MIME-encoded.
On the toolbar, select one of the following options:
Saves your changes.
Use this option to continue making changes in the console until you are ready to apply them.
Applies your changes.
Your changes are not implemented until you apply them.