How to allow access to files that received a Scan Error verdict by Symantec Protection Engine (SPE).

Symptoms
Unable to access or release files for use because Protection Engine is returning a scan error.

Some files may not be able to be scanned by SPE for various reasons resulting in scan errors being reported to the client application which denies access to the file.

Enable Allow Access On Scan Error, this will prevent SPE from reporting that there was an Error to the client. To enable this,

For SPE prior to 7.5.0:

1. Stop the SPE process.
2. Using the command line, if using Windows use a Command Prompt, and change directories to the SPE Engine install directory.
3. Run the command "java -jar xmlmodifier.jar -s /configuration/protocol/AllowAccessOnScanError/@value true configuration.xml".
4. Start the SPE process.

Note: The java command above assumes java is available in the environmental "PATH" variable and able to be run from the cmd.exe regardless of location. It may be necessary to use the full path to the java binary if it is not in the PATH. ("c:\program files\java\jre6\bin\java -jar xmlmodifier.jar -s /configuration/protocol/AllowAccessOnScanError/@value true configuration.xml")
 

For SPE 7.5.0 to 7.8.1:

1. Stop the SPE process.
2. Using the command line, if using Windows use a Command Prompt, and change directories to the SPE install directory.
3. Run the command "xmlmodifier.exe -s /configuration/protocol/AllowAccessOnScanError/@value true configuration.xml".
4. Start the SPE process.

For SPE 7.9.x and newer:

1. Stop the SPE process.
2. Using the command line, if using Windows use a Command Prompt, and change directories to the SPE install directory.
3. Run the command "XMLModifier.exe -s /policies/ThreatPolicies/Actions/AllowAccessOnScanError/@value "true" policy.xml".
4. Start the SPE process.