Event Severity Level = Error, Scanner = URL List Lookup, Result ID = 1 after upgrading Protection Engine to v8.2.1

book

Article ID: 196597

calendar_today

Updated On:

Products

Protection Engine for NAS Protection Engine for Cloud Services

Issue/Introduction

"Scanner = URL List Lookup, Result ID = 1" errors are seen in the logs after Symantec Protection Engine (SPE) is upgraded to v8.2.1

Entries from converted SPE logs:

Thu Aug 19 05:57:07 JST 2021, The Symantec Protection Engine has encountered a scan error, Event Severity Level = Error, Scanner = URL List Lookup, Result ID = 1, 
Thu Aug 19 13:57:03 JST 2021, The Symantec Protection Engine has encountered a scan error, Event Severity Level = Error, Scanner = URL List Lookup, Result ID = 1, 
Thu Aug 19 21:57:09 JST 2021, The Symantec Protection Engine has encountered a scan error, Event Severity Level = Error, Scanner = URL List Lookup, Result ID = 1, 

Cause

The successful live update happens and this leads to SPE legacy flow to check if there is any change to the URL category list.
In legacy case this was after the successful live update of URL definitions and this would have happened only when URL filtering is enabled.
In 8.2.1, the live update is now part of Stargate including URL and AV. 
Hence there is a need to add strict condition to query for category list only when URL filtering is enabled rather than just depending on Live Update completion. 
So, this is the reason we see pattern of these errors associated with Live Update.

Environment

SPE 8.2.1

Resolution

SPE 8.2.2 will be released with Webpulse risk ratings/URL reputation feature where this issue will be fixed.

Additional Information

Etrack 4270561, Jira SPE-4754