Event ID - 211

Event Id211
SourceSpntLog
DescriptionThe compressed file <file path> contains a file <file name> that is larger than <size>. The file was skipped by Real-Time scan.
Event InformationThis warning is posted by Real-Time scan if it finds a compressed file that is bigger than the set limit. The default limit is 30MB. This is done in order to not overload the file server with the analysis of a big sized compressed file. In normal cases the file would have been decompressed in a temporary folder and then analyzed. If you want to modify the default value carry out the following operation:
In the base register seek the RSize value in HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TMFILTER\PARAMETER\RSize = X and set the desired value. A value of 60000 would indicate 60MB. For the manual scan modify MSize the same way in:
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TMFILTER\PARAMETERS\MSize = X.
Reference Links

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh