Files containing test EICAR virus take 30 seconds to scan



Article ID: 278001


Products

Protection Engine for Cloud Services, Protection Engine for NAS

Issue/Introduction

When testing Protection Engine with a file containing the EICAR test virus, or other test virus files, the upload of the file through the configured framework timed out. When the same file was passed to SPE via the ICAP test program ssecls, the scan also took 30 seconds, even when the file was passed in from the local server.

 

Environment

The SPE server was running on Linux but the issue could also occur in a Windows environment.

Cause

CSAPI logging showed that File Reputation scanning was being delayed or blocked by a firewall or proxy setting, or because the server is isolated.

To test whether this is the cause, turn off Insight File Scanning. The steps below show how to do so manually.

Windows:

- Open a command prompt

- Go to "C:\Program Files\Symantec\Scan Engine"

- Run the following command:  xmlmodifier -s //policies/ThreatPolicies/InsightScanning/@enabled false policy.xml

- Restart the Symantec Protection Engine service

 

Linux:

- From a bash prompt go to /opt/SYMCScan/bin

- Run the following commands:

./xmlmodifier -s //policies/ThreatPolicies/InsightScanning/@enabled false policy.xml

./symcscan.sh restart

 

 

Resolution

If the scan time drops to a reasonable value after File Reputation Scanning is disabled, check whether a firewall, proxy or network configuration needs to be addressed.
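To compare scan times before and after the change without the upload framework in the path, the following added example (not part of the original article and not Symantec code) sends one ICAP RESPMOD request and measures how long the server takes to return its status line. The service name AVSCAN, the 25-second threshold and the function names are assumptions made for this example; pass the port your SPE ICAP listener actually uses.

```python
import socket
import time


def build_respmod(host, port, service, payload):
    """Build an ICAP RESPMOD request (RFC 3507) carrying payload as an HTTP response body."""
    if not payload:
        raise ValueError("payload must not be empty")
    http_hdr = (b"HTTP/1.1 200 OK\r\n"
                b"Content-Type: application/octet-stream\r\n"
                b"Content-Length: " + str(len(payload)).encode() + b"\r\n\r\n")
    icap_hdr = (
        f"RESPMOD icap://{host}:{port}/{service} ICAP/1.0\r\n"
        f"Host: {host}\r\n"
        "Allow: 204\r\n"
        # res-body offset is the length of the encapsulated HTTP header block
        f"Encapsulated: res-hdr=0, res-body={len(http_hdr)}\r\n\r\n"
    ).encode()
    # Body is sent as a single chunk followed by the zero-length terminator chunk
    body = f"{len(payload):x}\r\n".encode() + payload + b"\r\n0\r\n\r\n"
    return icap_hdr + http_hdr + body


def time_icap_scan(host, port, payload, service="AVSCAN", timeout=60.0):
    """Return (icap_status, seconds). timeout exceeds 30 s so a stalled scan is measured, not cut off."""
    request = build_respmod(host, port, service, payload)
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        buf = b""
        while b"\r\n" not in buf:  # the status line arrives once the scan has finished
            data = sock.recv(4096)
            if not data:
                raise ConnectionError("server closed before sending a status line")
            buf += data
    elapsed = time.monotonic() - start
    status = int(buf.split(b"\r\n", 1)[0].split()[1])
    return status, elapsed


def looks_stalled(seconds, threshold=25.0):
    """True when a scan took close to the 30 seconds described in this article (threshold is an assumption)."""
    return seconds >= threshold
```

Run it once with Insight scanning enabled and once after disabling it; a result that stops being flagged by looks_stalled points at the reputation lookup rather than the scan itself.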

According to the SPE documentation, certain ports and URLs must be accessible for all functions of SPE to work.

 

Command-line options for configuring proxy settings for SPE