After configuring Symantec Protection Engine (SPE) for Secure ICAP, it no longer will allow non-Secure ICAP.  Checking the ports running, the service no longer listens on 1344 (non-secure), but instead listens on 11344 (Secure). 

One of the following is installed:

• SPE for Network Attached Storage (NAS) 8.x
• SPE for Cloud Services (CS) 8.x

This behavior is by design. 

For customers seeking to migrate from a non-secure ICAP to a secure ICAP, the best practice is to raise a new instance of SPE and configure the new instance for Secure ICAP. This methodology leaves the old instance in place servicing non-secure ICAP scan requests and provides a fallback contingency until migration is complete.