When scanning files with Symantec Protection Engine (SPE), SPE logs a Generic Result ID 36 scan error. 

SPE 8.2.2

The Generic 36 error indicates that the scan did not complete within the configured timeout period. This error will appear in the logs even if ByPassScanTimeoutError is set to true.

By default if a file takes longer that 20 seconds to scan it will timeout.  The logs have a column called ScanDurationInSeconds. In the raw logs, this column is "|17|". Generic 36 errors will always have a ScanDurationInSeconds greater than the currently configured value for ScanTimeoutInSeconds. 

This error is expected when scans are aborted due to the configured timeout and does not indicate a problem with scanning.

If reducing the number of Generic / 36 entries on the SPE logs is desired, do one or more of the following:

• Set the ScanTimeoutInSeconds for SPE
• Consider reducing the maximum size of the file which the connector will send to SPE
• Test disabling Insight File Reputation lookups and APK lookups to determine the extent which networking conditions add to the length of scans
• Find the log entry for the file scanned, and check the number in the Scan Duration field, which shows Scan duration in seconds.

To set ScanTimeoutInSeconds for SPE 8.2.2

xmlmodifier -s //filtering/Container/ScanTimeoutInSeconds/@value <value> configuration.xml

Allowed value:
    * 0 to 86400
Default value: 0

NOTE: A value of 0 evaluates to 20 seconds. All other values evaluate to a value in seconds. When configuring for use with NetAppFiler, recommended value is 2/3 of the current setting for the Netapp Filer Request Service Timeout. A value of 0 evaluates to 20 seconds. All other values evaluate to a value in seconds on a 1:1 basis. When configuring for use with NetAppFiler, recommended value is 2/3 of the current setting for the Netapp Filer Request Service Timeout.

Consider reducing the maximum size of the file which the connector will send to SPE to reduce the number of Decomposer / 36 errors for large files that are not expected to complete scans.

An example of a connector which does this is the NetApp Filer which has a -max-file-size parameter for the various vscan commands, here:

• Title: NetApp - vserver vscan on-access-policy show
  URL: https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-920%2Fvserver__vscan__on-access-policy__show.html
  
  

NOTE: This link is offered as an example. BROADCOM is not responsible for content published by other vendors.

Other devices or applications will most likely have mechanisms, configuration values, or command parameters which permit similar configuration. Please consult documentation for your device or application to locate a similar setting or configuration.

To disable Insight and APK lookups

1. Open cmd
2. Go to the Symantec Protection Engine installation directory.
3. Type the following Command and enter:
   .\xmlmodifier -s //policies/ThreatPolicies/InsightScanning/@enabled false policy.xml
   
   
4. Type the following Command and enter:
   .\xmlmodifier -s //policies/ThreatPolicies/APKReputation/@enabled false policy.xml
5. Restart SPE service

To identify the scan duration

In the log for the day when the scan occurs, search for the name of the file scanned then look for the Scan Duration column.

Example:

C:\Program Files\Symantec\Scan Engine\log> ..\logconverter.exe SSE20221011.log | find "example.xls"

Wrong version?

To set ScanTimeoutInSeconds or ByPassScanTimout in SPE 8.2.1 or earlier

These values are in the category3.xml file instead of configuration.xml.