ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
How to manually unenroll Protection Engine scanners on Linux
Article ID: 222691
Protection Engine for NAS
Protection Engine for Cloud Services
In certain circumstances, it may be necessary to manually unenroll scanners from the Cloud console in order to re-enroll them.
Please note the following procedure is written for the default installation paths. Paths may require modification if the installation has been customized.
- Download the attached default CAFConfig.ini file. Rename it to CAFConfig.ini.
- Log in to the machine with root permissions, or run the command sudo su after login.
- Stop the CAF Agent and Protection Engine services:
- Remove the existing CAFConfig.ini from /etc/caf/:
rm -rf /etc/caf/CAFConfig.ini
- Copy the attached CAFConfig.ini to the /etc/caf/ directory using SCP, SFTP, or your preferred file copy method.
- Set the permissions and ownership on the new CAFConfig.ini:
chmod 660 /etc/caf/CAFConfig.ini
chown dcscaf:dcscaf /etc/caf/CAFConfig.ini
- Configure SPE to be unenrolled:
./xmlmodifier -r /centralmgmt/Configuration/EnrollmentInfo/DeviceID/@value centralmgmt.xml
./xmlmodifier -s /centralmgmt/Configuration/EnrollmentInfo/Status/@value 0 centralmgmt.xml
- Start the Protection Engine service:
- To re-enroll the scanner to the Cloud console, re-run the enrollment script: