Event ID: 211 Source: SpntLog

Source
Level
Description
The compressed file <file path> contains a file <file name> that is larger than <size>. The file was skipped by Real-Time scan.
Comments
 
For information on how to disable these events, see the link to "Trend Micro Support Solution ID: 119613".
See the link to "Trend Micro Support Solution ID: 18356" for details on this event.

Real-Time scan posts this warning when it finds a compressed file that is bigger than the set limit. The default limit is 30MB. The limit exists so that the file server is not overloaded by the analysis of a very large compressed file. Normally the file would be decompressed into a temporary folder and then analyzed. To modify the default value, carry out the following operation:
In the registry, find the RSize value in HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TMFILTER\PARAMETER\RSize = X and set the desired value. A value of 60000 would indicate 60MB. For the manual scan, modify MSize the same way in:
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TMFILTER\PARAMETERS\MSize = X.
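
Each of these events names a file that Real-Time scan did not inspect, so the archives involved are worth queuing for a manual scan. The following is an added example (not Trend Micro's code and not part of the original page) that parses exported event 211 descriptions and ranks archives by how often they were skipped. The sample messages are constructed, and the "30MB" rendering of `<size>` is an assumption because the page shows only the placeholder.

```python
import re
from collections import Counter

# Pattern built from the Event ID 211 description template shown on this page.
# How <size> is rendered is not shown there, so it is captured as free text.
EVENT_211 = re.compile(
    r"^The compressed file (?P<archive>.+?) contains a file (?P<member>.+?) "
    r"that is larger than (?P<limit>.+?)\. "
    r"The file was skipped by Real-Time scan\.$"
)

def parse_skip(message):
    """Return archive, member and limit from one event 211 message, or None."""
    m = EVENT_211.match(message.strip())
    return m.groupdict() if m else None

def unscanned_archives(messages):
    """Rank archives by number of skip events; also return unparsed text.

    Every archive returned holds at least one file that Real-Time scan
    did not inspect, so each is a candidate for a manual scan.
    """
    counts = Counter()
    unparsed = []
    for msg in messages:
        rec = parse_skip(msg)
        if rec is None:
            unparsed.append(msg)  # keep unknown text visible, never drop it
        else:
            # Windows paths are case-insensitive: fold before counting.
            counts[rec["archive"].lower()] += 1
    return counts.most_common(), unparsed

# Constructed sample input (not real log data).
TEMPLATE = ("The compressed file {} contains a file {} that is larger "
            "than {}. The file was skipped by Real-Time scan.")
SAMPLE = [
    TEMPLATE.format(r"D:\Shares\Finance\backup 2019.zip", r"db\ledger.bak", "30MB"),
    TEMPLATE.format(r"d:\shares\finance\backup 2019.zip", r"db\archive.bak", "30MB"),
    TEMPLATE.format(r"E:\Upload\tools.rar", "setup.iso", "30MB"),
    "Real-Time scan started.",  # unrelated line, must not match
]

if __name__ == "__main__":
    ranked, unparsed = unscanned_archives(SAMPLE)
    for archive, hits in ranked:
        print(f"{hits:3d}  {archive}")
    print(f"{len(unparsed)} message(s) did not match the event 211 template")
```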
