search cancel

Protection Engine Scan Error Generic 36

book

Article ID: 189716

calendar_today

Updated On:

Products

Protection Engine for NAS Protection Engine for Cloud Services Protection for SharePoint Servers

Issue/Introduction

When scanning files with Symantec Protection Engine (SPE), SPE logs a Generic Result ID 36 scan error. 

Cause

The Generic 36 error indicates that the scan did not complete within the configured timeout period. This error will appear in the logs even if ByPassScanTimeoutError is set to true.

By default if a file takes longer that 20 seconds to scan it will timeout.  The logs have a column called ScanDurationInSeconds. In the raw logs, this column is "|17|". Generic 36 errors will always have a ScanDurationInSeconds greater than the currently configured value for ScanTimeoutInSeconds. 

 

Environment

SPE 8.2.2

Resolution

 

This error is expected when scans are aborted due to the configured timeout and does not indicate a problem with scanning.

 

If reducing the number of Generic / 36 entries on the SPE logs is desired, do one or more of the following:

  • Set the ScanTimeoutInSeconds for SPE
  • Consider reducing the maximum size of the file which the connector will send to SPE



To set ScanTimeoutInSeconds for SPE 8.2.2

xmlmodifier -s //filtering/Container/ScanTimeoutInSeconds/@value <value> configuration.xml

Allowed value:
* 0 to 86400
Default value: 0

NOTE: A value of 0 evaluates to 20 seconds. All other values evaluate to a value in seconds. When configuring for use with NetAppFiler, recommended value is 2/3 of the current setting for the Netapp Filer Request Service Timeout. A value of 0 evaluates to 20 seconds. All other values evaluate to a value in seconds on a 1:1 basis. When configuring for use with NetAppFiler, recommended value is 2/3 of the current setting for the Netapp Filer Request Service Timeout.



Consider reducing the maximum size of the file which the connector will send to SPE to reduce the number of Decomposer / 36 errors for large files that are not expected to complete scans.

An example of a connector which does this is the NetApp Filer which has a -max-file-size parameter for the various vscan commands, here:

NOTE: This link is offered as an example. BROADCOM is not responsible for content published by other vendors.

Other devices or applications will most likely have mechanisms, configuration values, or command parameters which permit similar configuration. Please consult documentation for your device or application to locate a similar setting or configuration.

 

 

Additional Information

Wrong version?

To set ScanTimeoutInSeconds or ByPassScanTimout in SPE 8.2.1 or earlier

These values are in the category3.xml file instead of configuration.xml.