After configuring Symantec Protection Engine (SPE) for Secure ICAP, it no longer will allow non-Secure ICAP. Checking the ports running, the service no longer listens on 1344 (non-secure), but instead listens on 11344 (Secure).
One of the following is installed:
This behavior is by design.
For customers seeking to migrate from a non-secure ICAP to a secure ICAP, the best practice is to raise a new instance of SPE and configure the new instance for Secure ICAP. This methodology leaves the old instance in place servicing non-secure ICAP scan requests and provides a fallback contingency until migration is complete.