Protection Engine Controller service will not remain started after upgrade
search cancel

Protection Engine Controller service will not remain started after upgrade

book

Article ID: 273861

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS Protection Engine for Cloud Services

Issue/Introduction

After upgrading from Symantec Protection Engine (SPE) 8.2.1 to version 9.x the Symantec Protection Engine Controller service will not remain started. It will quickly abort on error 1053.

Following message is logged in SymantecProtectionEngineControllerAbortLog.txt:

2026/02/22-23:50:41 0 Symantec Protection Engine Controller is shutting down; logs may contain more information : VirtualHome definitions mode is disabled.

URL Filtering should not be enabled in VirtualHome definitions mode. Turning off VirtualHome definitions mode..

In Symantec Protection Engine (SPE) version 9.2, the controller process has been deprecated. Users should not attempt to start this service, as its functionality has now been integrated into the SPE service.

Key Changes in SPE 9.2:

  1. Controller Process Disabled:

    • The controller process has been intentionally disabled in SPE 9.2. There is no need to enable or manage this service.
    • The functionalities previously handled by the controller process are now managed by the primary SPE service.

  2. Definitions Update:

    • Despite the controller process being disabled, the update of antivirus definitions will continue seamlessly.

  3. URL Insight Feature:

    • SPE 9.2 includes a feature called URL Insight, which scans URLs within files as part of the antivirus scan.
    • Due to limitations with the URL database download, particularly the lack of support for Virtual Home, the URL Insight feature has been removed.

Summary:

The integration of the controller process functionality into the SPE service simplifies the management of SPE, ensuring that necessary updates and operations continue.

Cause

1. The file configuration.xml was corrupted or had invalid characters in it due to being edited directly.

There were multiple entries in configuration.xml for "<CloudName value="none"/> where there should only be one.  This caused the upgrade to double/triple the JavaLocation and other sections. This section directly preceded the "VirtualHome" setting. It is believed the duplicate sections made it difficult to parse the xml file for the correct information.

Example:

<CloudName value="none"/>

<CloudName value="none"/>

<CloudName value="none"/>

2. As per the error message, URL filtering is enabled and should not be in the current configuration.

NOTE: Occasionally licenses have been released containing the as section similar to the following--which renders the URL Reputation Filtering portion of the license invalid. The license should be reissued by a Sales Representative.

If the URL Filtering license is rendered invalid, and URL Filtering is enabled then this will cause the Controller service to abort. 

The controller process is deprecated in 9.2 and later.
This service should remain disabled, the functionality of controller service is now moved to SPE service.
Definition update is unaffected.

The reason being a feature called URL insight, which is part of AV scan (scans URLs within the file). If any URL related feature is enabled then controller process will not come up.
The download URL does not support Virtual Home due to which this feature is removed. 

Resolution

For Cause 1. There is no xmlmodifier command that will remove duplicate sections. Manual editing of the file will be required.

  1. Make a backup copy of configuration.xml
  2. With configuration.xml loaded into a good text editor remove the duplicate entries so that only one remains.
  3. Save the configuration and start the service.

For Cause 2. Disable the URL filtering features.

Linux:

    1. Go to /opt/SYMCScan/bin
    2. Run the following commands:

./xmlmodifier -s //filtering/URLFilter/@enabled false filtering.xml

./xmlmodifier -s //filtering/URLReputation/@enabled false filtering.xml

./symcscan.sh restart

./controller.sh start

./controller.sh status

Windows:

    1. Open an administrative command prompt:
    2. Go to the Scan Engine folder:  CD "C:\Program Files\Symantec\Scan Engine"
    3. Run the following commands in order:

xmlmodifier -s //filtering/URLFilter/@enabled false filtering.xml

xmlmodifier -s //filtering/URLReputation/@enabled false filtering.xml

net stop symcscan && net start symcscan  {or go to the Services panel and restart Symantec Protection Engine service and verify that the controller service started also}

Additional Information

Powered by Wolken Software