Protection Engine for Cloud Services, Protection Engine for NAS
Issue/Introduction
Symantec Protection Engine (SPE) processes or functionality may fail or respond more slowly than expected when an antivirus (AV) application is installed on the same machine. Symptoms may include, but are not limited to:
Large number of Generic/24 and Decomposer/24 errors in the daily log files.
SPE process or service crashes.
SPE file scanning takes longer than expected or fails entirely.
When SPE is scanning files for NetApp Filers, file access may be excessively slow or blocked due to timeouts between the SPE and NetApp Filer.
Some real-time antivirus clients also scan RPC traffic, slowing access from the SPE to the ONTAP_ADMIN$ share on the NetApp Filer. This can result in much slower access to files on shares hosted by NetApp Filer. NetApp Filer can also record timeouts for scans which take too long. The VSCAN of that Filer may then mark SPE as not responding to scan requests, and temporarily remove it from the VSCAN pool until it tries again with another scan in another five minutes.
SPE definitions fail to update.
Scans can fail. This is because when a file to be scanned is transferred over the network, SPE can write this file to a temp folder in the installation directory to scan it. If the local antivirus scans and removes this file before SPE can scan it, the scan will fail, which can cause unexpected behavior on the NAS and file access errors to be logged.
Environment
Symantec Protection Engine 9.x
Resolution
Configure the software from your antivirus vendor to exclude the following items for SPE. If you have installed SPE into a directory other than the default, replace these paths with the ones you used:
Folder Exclusions
Windows
C:\Program Files\Symantec\Scan Engine\
<install_dir>/temp
Linux
/opt/SYMCScan/
<install_dir>/temp
Processes
symcscan (location: /opt/SYMCScan/bin/symcscan)
restapi (location: /opt/SYMCScan/RestAPI/restapi)
Port(s)
1344 - Only if using ICAP.
RPC
If your real-time antivirus client also scans RPC traffic, create an exclusion for the ONTAP_ADMIN$ share of each NetApp Filer which SPE supports as a member of NetApp Filer's antivirus scanning pool for VSCAN. This exclusion is only needed for machines where SPE is set to use the RPC protocol and FilerPerformerThreshold is set to a non-zero value.
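Every folder exclusion above is a location the local antivirus no longer inspects, so before adding the Linux exclusions it is worth confirming that unprivileged users cannot write into those directories. The following POSIX shell check is an added example, not part of Symantec's documentation; it uses the Linux default path listed under Folder Exclusions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit directories that are about to be excluded from
# antivirus scanning. The default path is the Linux default listed in this
# article; pass your own install directory to audit_spe if it differs.

# Print every world-writable file or directory under $1 (symlinks skipped).
world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# Return 0 if $1 has no world-writable entries, 1 if it has some,
# 2 if it does not exist or is a symlink (an exclusion should name a real
# directory, not something that can be redirected elsewhere).
audit_exclusion() {
    dir=$1
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "SKIP  $dir (missing or symlink)"
        return 2
    fi
    found=$(world_writable "$dir")
    if [ -n "$found" ]; then
        echo "RISK  $dir contains world-writable entries:"
        echo "$found" | sed 's/^/      /'
        return 1
    fi
    echo "OK    $dir"
    return 0
}

# Audit the install directory and its temp folder; the return status is
# the number of directories that failed the check (0 means all passed).
audit_spe() {
    install_dir=${1:-/opt/SYMCScan}
    failures=0
    for d in "$install_dir" "$install_dir/temp"; do
        audit_exclusion "$d" || failures=$((failures + 1))
    done
    return "$failures"
}
```

Source the file and run `audit_spe` (or `audit_spe /your/install_dir`) as root; any RISK line should be resolved before the exclusion is created.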