How to manually unenroll Protection Engine scanners on Linux


Article ID: 222691


Updated On:


Protection Engine for NAS Protection Engine for Cloud Services


In certain circumstances, it may be necessary to manually unenroll scanners from the Cloud console in order to re-enroll them. 


Please note the following procedure is written for the default installation paths. Paths may require modification if the installation has been customized.

  1. Download the attached default CAFConfig.ini file. Rename it to CAFConfig.ini.
  2. Log in to the machine with root permissions, or run the command sudo su after login.
  3. Stop the CAF Agent and Protection Engine services:
    /etc/init.d/cafagent stop 
    /etc/init.d/symcscan stop
  4. Remove the existing CAFConfig.ini from /etc/caf/:
    rm -rf /etc/caf/CAFConfig.ini
  5. Copy the attached CAFConfig.ini to the /etc/caf/ directory using SCP, SFTP, or your preferred file copy method.
  6. Set the permissions and ownership on the new CAFConfig.ini:
    chmod 660 /etc/caf/CAFConfig.ini

    chown dcscaf:dcscaf /etc/caf/CAFConfig.ini
  7. Configure SPE to be unenrolled:
    cd /opt/SYMCScan/bin

    ./xmlmodifier -r /centralmgmt/Configuration/EnrollmentInfo/DeviceID/@value centralmgmt.xml

    ./xmlmodifier -s /centralmgmt/Configuration/EnrollmentInfo/Status/@value 0 centralmgmt.xml
  8. Start the Protection Engine service:
    /etc/init.d/symcscan start
  9. To re-enroll the scanner to the Cloud console, re-run the enrollment script:
    cd /opt/SYMCScan/bin



1630011555083__CAFConfig.ini get_app