How to enable scanning timeouts for Protection Engine 8.2.2 or later
search cancel

How to enable scanning timeouts for Protection Engine 8.2.2 or later

book

Article ID: 203355

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

Procedure to configure Scan timeout in SPE. Also details out steps to bypass the scan timeout error if required.

Resolution

  1. Use xmlmodifier to change ScanTimeoutInSeconds and ByPassScanTimeoutError as desired
  2. To load changes into memory, restart the symcscan service

 

To change ScanTimeoutInSeconds and ByPassScanTimeoutError in SPE 8.2.2 or later

  1. To navigate to the default installation folder containing the configuration.xml file, do one of the following:
    - In Linux bash, type:
    cd /opt/SYMCScan/bin

    - In Windows cmd, type:
    cd "C:\Program Files\Symantec\Scan Engine"

  2. To backup the current configuration.xml, copy it to another folder 

     

  3. To find the current ScanTimeoutInSeconds, type: 

    ./xmlmodifier -q /configuration/ScanTimeoutInSeconds/@value configuration.xml

    Note the current value

     

  4. To set the current ScanTimeoutInSeconds, type: 

    ./xmlmodifier -s /configuration/ScanTimeoutInSeconds/@value 20 configuration.xml

    ... where 20 is the number of seconds for the timeout value  Note: If using a Netapp filer this should be set to 2/3 of the value of the Netapp Filer Request Service Timeout.

  5. To find the current ByPassScanTimeoutError, type: 

    ./xmlmodifier -q /configuration/ByPassScanTimeoutError/@value configuration.xml

    Note the current value

  6. (OPTIONAL) To set ByPassScanTimeoutError to false, type: 

    ./xmlmodifier -s /configuration/ByPassScanTimeoutError/@value false configuration.xml

     

 

To restart the symcscan service do one of the following

  • In windows services.msc, right click on "Symantec Protection Engine" then click Restart
  • In Linux bash, type:
    systemctl restart symcscan
  • In Windows cmd, type:
    net stop symcscan

    net start symcscan

     

 

Additional Information

Earlier version of SPE?

For SPE 8.2.0 or 8.2.1 you would need to upgrade to SPE 8.2.2 to implement this feature.

 

What do these values do?

  • ScanTimeoutInSeconds. Allowed values are positive numbers. Set this value to the desired maximum scan time, in seconds. After the value is reached, SPE will stop processing the scan request and return a verdict.
  • ByPassScanTimeoutError. Allowed values are "true" or "false". .
    • With a value of "false" SPE will return a scan error to the scan request and log a Generic 36 result to the SPE log.
    • With a value of "true" SPE will return a clean verdict to the scan request, and log the same Generic 36 result to the SPE log.

 

Is changing RequestTimeoutInSeconds also needed?

In configuration.xml, RequestTimeoutInSeconds is the number of seconds SPE will wait for a scan request after a TCP connection is open to the ICAP listener on port 1344. By default, this value is set to 300 seconds and needs no adjustment. Usually the scan client sends the scan request almost immediately after the TCP handshake.