Symantec Protection Engine returns a scan error Generic result ID 34
search cancel

Symantec Protection Engine returns a scan error Generic result ID 34

book

Article ID: 163512

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

The Symantec Protection Engine (SPE) returned scan errors on some or all files. 

Entries like the following appear in the UI on the Detailed report or when using logconverter.exe to transform *.log files to human readable format:

Wed Jul 13 21:13:43 Pacific Daylight Time 2016, The Symantec Protection Engine has encountered a scan error, Event Severity Level = Error, Scanner = Generic, Result ID = 34, Symantec Protection Engine IP address = x.x.x.x, Symantec Protection Engine Port number = 1344, Uptime (in seconds) = 31097

 

Cause

Misconfigured quarantine server settings in Protection Engine

Resolution

 

  1. To stop new Generic / 34 errors from appearing in the log, disable Symantec Quarantine settings within the SPE configuration
  2. If a Symantec Quarantine server is present in the environment, set Symantec Quarantine settings within the SPE configuration to point at the IP and port of the Quarantine Server..

 

To disable Symantec Quarantine settings in the local SPE UI

  1. On Policies> Quarantine, uncheck "Configure quarantine server"
  2. Click Apply  
  3. Close and re-open the SPE UI to confirm the "Configure quarantine server" checkbox is successfully unchecked, similar to the following screenshot:

 

or from command line:

cd "C:\Program Files (x86)\Symantec\Scan Engine" #for a default installation otherwise update with your install folder
./xmlmodifier.exe -s /policies/AntiVirus/QuarantineFiles/@value false policy.xml
./xmlmodifier.exe -s /policies/AntiVirus/QuarantineThreats/@value false policy.xml

 

To set Symantec Quarantine settings in the local SPE UI

  1. On Policies> Quarantine, check "Configure quarantine server"
  2. In the Central quarantine server host or IP field, type a Fully Qualified Domain Name (FQDN) or an IPv4 address.
  3. In the Port field specify a TCP port where the Quarantine server listens for Quarantine submissions.
  4. Click Apply  
  5. Close and re-open the SPE UI to confirm the "Configure quarantine server" checkbox is successfully unchecked, similar to the following screenshot:

 

 

or from the command line:

cd "C:\Program Files (x86)\Symantec\Scan Engine" #for a default installation otherwise update with your install folder

xmlmodifier.exe -s /policies/AntiVirus/QuarantineFiles/@value false policy.xml #A value of true quarantines when a scan error or container violation is detected
xmlmodifier.exe -s /policies/AntiVirus/QuarantineThreats/@value true policy.xml #A value of true quarantines virus and other other threats
xmlmodifier.exe -s /policies/AntiVirus/QuarantineIP/@value "x.x.x.x" policy.xml #replace "x.x.x.x" with the host name or IP of the Quarantine server
xmlmodifier.exe -s /policies/AntiVirus/QuarantinePort/@value "xxxx" policy.xml  #replace "xxxx" with the port specified in the Quarantine server settings

Powered by Wolken Software