Protection Engine scans fail with socket error: getpeername: ENOTCONN
search cancel

Protection Engine scans fail with socket error: getpeername: ENOTCONN


Article ID: 200145


Updated On:


Protection Engine for Cloud Services Protection Engine for NAS


Symantec Protection Engine (SPE) scan fails and logs show "Error Message = socket error: getpeername: ENOTCONN". Log entry looks similar to the following:

Jul 12 18:46:22 HOSTNAME symcscan[5932]: The Symantec Protection Engine has encountered a critical error|Date/time of event = 2020-07-12 18:46:22|Event Severity Level = Error|Error Message = socket error: getpeername: ENOTCONN|Symantec Protection Engine IP address = X.X.X.X|Symantec Protection Engine Port number = 1344|Uptime (in seconds) = 2065593|Date/time of event(with millisec) = 2020-07-12 18:46:22:851|Symantec Protection Engine Host Name = HOSTNAME


The connection to SPE was closed before SPE returned a verdict, resulting in this error when it tries to respond to the connector.


In most cases, this is caused by a RST packet sent by a load balancer between the connector and SPE. Gather a packet capture while reproducing the error. You likely will need to gather captures on the scanner and the connector. If the load balancer or connector is sending RST packets, work with the respective vendors to troubleshoot the issue. If the connection is closed by the scanner, ensure that the host machine has the most recent OS updates applied. If the scanner continues to close connections, contact support.