Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Understanding the exclusion size limit in agentless environment

    • Updated:
    • 18 May 2018
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • N/A N/A
Summary

When configuring the exclusion list for anti-malware in the agentless environment of NSX, it is important to pay attention to the size limit of exclusion list (EPSEC limitation).

Details
Public

The limitation was introduced in NSX 6.3.0. Limitation to message size for exclusion filter was introduced in EPSec library 6.3.0. Wherein API would fail if message size for exclusion file path crosses 4096.

VMware has addressed the issue and shared early access EPSec library 6.4.1 with us.

If the total size of your anti-malware configuration exceeds the size limit, the scan will not work and the error log will show something similar to the following:

Feb 13 14:30:02 localhost ds_am: [ERROR] (EPSEC) [2378] Status exception setting filter rules. Ex: VFileGuestStatusException@tid=2378: Event id: 22625367, VFile Guest( subtype: 3, status: 0x8, version: 0x60000.VFileGuest protocol error 8..  Feb 13 14:30:02 localhost ds_am: [ERROR] (EPSEC) [2378] Status exception starting on-demand scan. Ex: VFileGuestStatusException@tid=2378: Event id: 22625367, VFile Guest( subtype: 3, status: 0x8, version: 0x60000.VFileGuest protocol error 8..  Feb 13 14:30:02 localhost ds_am: [ERROR] (EPSEC) [2378] The length of the names has overflowed.  Feb 13 14:30:02 localhost ds_am: [ERROR] (EPSEC) [2378] Out of range exception starting on-demand scan. Ex: VFileGuestOutOfRangeException@tid=2378: Event id: 22625367..
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1119460
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.