Instructions for enabling ScanFileSave logging on Protection Engine 7.8.x and later.

Article ID: 160950

Products

  • Protection Engine for Cloud Services
  • Protection for SharePoint Servers
  • Protection Engine for NAS

Issue/Introduction

Symantec Protection Engine (SPE) returned unexpected results. ScanFileSave logging has been requested.

Environment

  • Symantec Protection Engine (SPE) for Network Attached Storage (NAS) 7.8.x or later
  • SPE for Cloud Services (CS) 7.8.x or later

 

Resolution

 

NOTE: Enabling ScanFileSave logging collects all transaction data. This is a debugging feature and should be used only for reproduction purposes. It adds significant system overhead, which could impact productivity if left enabled in a production environment.

To enable ScanFileSave logging for Windows:

  1. Download the category3.xml from this KB article.
  2. Navigate to Symantec Protection Engine installation directory (Default for 7.8 and up: C:\Program Files\Symantec\Scan Engine.)
  3. Open configuration.xml in a plain text editor (Notepad.exe)
  4. Locate the following value on the first line: version="######"
  5. Open the category3.xml in a plain text editor (Notepad.exe)
  6. Modify the version value to match the version number listed inside configuration.xml.
  7. Provide a log path by modifying the <ScanFileSaveDir> value  (Example: <ScanFileSave value="C:\temp\SaveScanLog"/>  )
  8. Save changes to category3.xml
  9. Copy category3.xml to Symantec Protection Engine installation directory (Default for 7.8 and up: C:\Program Files\Symantec\Scan Engine. For 7.5: C:\Program Files (x86)\Symantec\Scan Engine)
  10. Restart Symantec Protection Engine service to initialize ScanFileSave logging.

Expected Result: In the directory specified for ScanFileSaveDir in category3.xml, Protection Engine will create an additional directory with a name which matches the following format:
scanfilesave-yyymmdd-time

 

To enable ScanFileSave logging for Linux:

  1. At a shell prompt, obtain root credentials.
  2. Download the category3.xml from this KB article.
  3. Navigate to Symantec Protection Engine installation directory (Default: /opt/SYMCScan/bin )
  4. Grep configuration.xml for version (cat configuration.xml | grep version)
  5. Locate the following value: version="######"
  6. Open the category3.xml in a plain text editor.
  7. Modify the version value to match the version number listed inside configuration.xml.
  8. Provide a log path by modifying the <ScanFileSaveDir> value  (Example: <ScanFileSave value="/opt/SYMCScan/ScanFileSave"/>  )
  9. Save changes to category3.xml
  10. Create a directory matching the specified value in ScanFileSaveDir.
  11. Copy category3.xml to Symantec Protection Engine installation directory (Default: /opt/SYMCScan/bin )
  12. Restart Symantec Protection Engine daemon to initialize ScanFileSave logging.  (/etc/init.d/symcscan restart)

Expected Result: In the directory specified for ScanFileSaveDir in category3.xml, Protection Engine will create an additional directory with a name which matches the following format:
scanfilesave-yyymmdd-time

 

To disable ScanFileSave logging on Linux or Windows:

  1. Delete the file named category3.xml from the Symantec Protection Engine installation directory
  2. Restart the Symantec Protection Engine Service.

 

NOTE: Permissible values for "ScanFileSaveSetting" are
- ALL
- CRASH
- CLEAN
- REPAIRED
- CONTAINER
- MAIL_POLICY
- NOT_REPAIRED
- NO_LICENCE
- INTERNAL_ERROR
- MALFORMED_CONTAINER
- TRACE
- NOT_CLEAN
- NOT_OK
- OK
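
A pre-restart check for the Linux steps above, as an added example that is not part of the vendor's article: it confirms that the version in category3.xml matches configuration.xml, that the ScanFileSaveDir directory exists, and that ScanFileSaveSetting is one of the permissible values. The XML layout (a version="..." attribute, and ScanFileSaveDir and ScanFileSaveSetting elements with a value attribute), the function names, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): pre-restart check for ScanFileSave logging.
# Assumed layout: a version="..." attribute in both files, plus
# <ScanFileSaveDir value="..."/> and <ScanFileSaveSetting value="..."/>.
ALLOWED="ALL CRASH CLEAN REPAIRED CONTAINER MAIL_POLICY NOT_REPAIRED NO_LICENCE
INTERNAL_ERROR MALFORMED_CONTAINER TRACE NOT_CLEAN NOT_OK OK"

# Print the first version="..." value in file $1, ignoring the XML declaration.
xml_version() {
    sed -n -e 's/<?xml[^>]*>//' -e 's/.*version="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print the value attribute of element $2 in file $1.
xml_value() {
    sed -n 's/.*<'"$2"'[[:space:]][[:space:]]*value="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# check_scanfilesave CONFIGURATION_XML CATEGORY3_XML
# Prints one line per problem; returns 0 only when nothing is wrong.
check_scanfilesave() {
    rc=0
    want=$(xml_version "$1"); have=$(xml_version "$2")
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "version mismatch: configuration.xml='$want' category3.xml='$have'"; rc=1
    fi
    dir=$(xml_value "$2" ScanFileSaveDir)
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "ScanFileSaveDir missing or not a directory: '$dir'"; rc=1
    fi
    setting=$(xml_value "$2" ScanFileSaveSetting); ok=no
    for v in $ALLOWED; do
        if [ "$v" = "$setting" ]; then ok=yes; fi
    done
    if [ "$ok" = no ]; then
        echo "ScanFileSaveSetting not permissible: '$setting'"; rc=1
    fi
    return $rc
}

# Dry run on constructed sample files; $1 is the version written to category3.xml.
demo() {
    d=$(mktemp -d) && mkdir "$d/save"
    printf '<configuration version="7.8.0.1">\n</configuration>\n' > "$d/configuration.xml"
    printf '<?xml version="1.0"?>\n<category version="%s">\n<ScanFileSaveDir value="%s"/>\n<ScanFileSaveSetting value="ALL"/>\n</category>\n' \
        "$1" "$d/save" > "$d/category3.xml"
    check_scanfilesave "$d/configuration.xml" "$d/category3.xml"; rc=$?
    rm -rf "$d"; return $rc
}
demo 7.8.0.1 && echo "constructed sample passes"
```

On a real host, call check_scanfilesave with the installed configuration.xml and the edited category3.xml before restarting the daemon.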

 

Additional Information

Wrong version? 

  • The steps above work for SPE 7.5.x, but the default location for Protection Engine 7.5.x on Windows is C:\Program Files (x86)\Symantec\Scan Engine

Attachments

category3.xml