Antivirus path exceptions needed for Protection Engine 8.x and 9.x
search cancel

Antivirus path exceptions needed for Protection Engine 8.x and 9.x


Article ID: 172449


Updated On:


Protection Engine for Cloud Services Protection Engine for NAS



Symantec Protection Engine (SPE) functions fail to work as expected at times when local Antivirus is installed. Symptoms may include a large number of Generic/24 and Decomposer/24 errors in the daily log files of SPE. When SPE is scanning files for NetApp Filers, file access may be excessively slow or blocked due to timeouts between the SPE and NetApp Filer.



Local antivirus (such as SEP) can sometimes interfere with essential files and folders within the installation directory. These interferences can cause the following:

  • Antivirus definitions can fail to update. This is because some antivirus software can 1) consider the definitions to be viral and 2) consider the program that processes the definitions to be tampering and harming existing Antivirus solutions.

  • Scans can fail. This is because when a file to be scanned is transferred over the network, SPE can write this file to a temp folder in the the installation directory to scan it. If local Antivirus scans and removes this file before SPE can scan it, the scan will fail, which can cause unexpected behavior on the NAS and file access errors to be logged.

  • Some real-time antivirus clients also scan RPC traffic, slowing access from the SPE to the ONTAP_ADMIN$ share on the NetApp Filer. This can result in much slower access to files on shares hosted by NetApp Filer. NetApp Filer can also record timeouts for scans which take too long. The VSCAN of that Filer may then mark SPE as not responding to scan requests, and temporarily remove it from the VSCAN pool until it tries again with another scan in another five minutes.


Configure your Antivirus software to exclude SPE's installation directory listed below. If you have installed SPE into a directory other than default, replace these paths with the ones you used:

C:\Program Files\Symantec\Scan Engine\


In addition, if your real-time antivirus client also scans RPC traffic, create an exclusion for the ONTAP_ADMIN$ share of each NetApp Filer which SPE supports as a member of NetApp Filer's antivirus scanning pool for VSCAN. This exclusion is only needed for machines where SPE is set to use RPC protocol and the FilerPerformerThreshold set to a non-zero value.

Additional Information

These exclusions may also work for SPE 7.x and SPE 8.x prior to build 8.2.2, but BROADCOM no longer supports builds earlier than 8.2.2. In such cases, scheduling an upgrade is recommended as well.
Reference: Symantec Protection Engine End of Service (EOS) dates by versions