Symantec Protection Engine Controller service will not remain started after upgrade

Article ID: 273861


Products

Protection Engine for Cloud Services, Protection Engine for NAS

Issue/Introduction

After upgrading from Protection Engine for Cloud 8.2.1 to version 9.x, the Symantec Protection Engine Controller service will not remain started. It quickly aborts with error 1053.

 

The abort log, "SymantecProtectionEngineControllerAbortLog.txt", contained the following reasons:

 

Symantec Protection Engine Controller is shutting down; logs may contain more information : VirtualHome definitions mode is disabled.

URL Filtering should not be enabled in VirtualHome definitions mode. Turning off VirtualHome definitions mode..

 

In Symantec Protection Engine (SPE) version 9.2, the controller process has been deprecated. Users should not attempt to start this service, as its functionality has now been integrated into the SPE service.

Key Changes in SPE 9.2:

  1. Controller Process Disabled:

    • The controller process has been intentionally disabled in SPE 9.2. There is no need to enable or manage this service.
    • The functionalities previously handled by the controller process are now managed by the primary SPE service.
  2. Definitions Update:

    • Despite the controller process being disabled, the update of antivirus definitions will continue seamlessly.
  3. URL Insight Feature:

    • SPE 9.2 includes a feature called URL Insight, which scans URLs within files as part of the antivirus scan.
    • Due to limitations with the URL database download, particularly the lack of support for Virtual Home, the URL Insight feature has been removed.

Summary:

The integration of the controller process functionality into the SPE service simplifies the management of SPE, ensuring that necessary updates and operations continue.

Environment

Release : 9.0.1

Cause

1. The file configuration.xml was corrupted or had invalid characters in it due to being edited directly.

There were multiple entries in configuration.xml for <CloudName value="none"/> where there should be only one. This caused the upgrade to double or triple the JavaLocation and other sections. The duplicated section directly preceded the "VirtualHome" setting. It is believed that the duplicate sections made it difficult to parse the XML file for the correct information.

Example:

<CloudName value="none"/>

<CloudName value="none"/>

<CloudName value="none"/>

 

2. As per the error message, URL filtering is enabled and should not be in the current configuration.

NOTE: Occasionally licenses have been released containing the as section similar to the following--which renders the URL Reputation Filtering portion of the license invalid. The license should be reissued by a Sales Representative.

If the URL Filtering license is rendered invalid, and URL Filtering is enabled then this will cause the Controller service to abort. 

The controller process is deprecated in 9.2. Do not try to start this service. The functionality of the controller service has moved to the SPE service.

In 9.2 the controller process has been disabled. Leave it disabled. This is not a cause for concern, because definitions updates will happen anyway.

The reason is a feature called URL Insight, which is part of the AV scan (it scans URLs within the file). The URL database download does not support Virtual Home, so this feature has been removed.

Resolution

For Cause 1. There is no xmlmodifier command that will remove duplicate sections. Manual editing of the file will be required.

  1. Make a backup copy of configuration.xml.
  2. With configuration.xml loaded into a good text editor, remove the duplicate entries so that only one remains.
  3. Save the configuration and start the service.
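
The following Python script is an added example, not a Symantec tool and not part of the original article. It checks a copy of configuration.xml for the two conditions described under Cause 1: a file that no longer parses, and identical sibling entries such as the repeated CloudName element. The function name find_duplicate_siblings and the nesting of the sample are assumptions; only CloudName, JavaLocation and VirtualHome are named in the article.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample. Only CloudName, JavaLocation and VirtualHome are named in
# the article; the nesting and the values are assumptions for illustration.
SAMPLE_DAMAGED = """<configuration>
  <installation>
    <CloudName value="none"/>
    <JavaLocation value="/example/jre"/>
    <CloudName value="none"/>
    <JavaLocation value="/example/jre"/>
    <CloudName value="none"/>
    <VirtualHome value="false"/>
  </installation>
</configuration>"""


def find_duplicate_siblings(xml_data):
    """Return (findings, error) for XML given as str or bytes.

    findings: sorted (parent_path, tag, attributes, count) tuples for children
    that occur more than once under one parent with identical tag and
    attributes. error: the parser's message (with line/column), else None.
    """
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError as exc:
        return [], f"not well-formed: {exc}"
    findings = set()

    def walk(node, path):
        seen = Counter((c.tag, tuple(sorted(c.attrib.items()))) for c in node)
        for (tag, attrs), count in seen.items():
            if count > 1:
                findings.add((path, tag, attrs, count))
        for child in node:
            walk(child, f"{path}/{child.tag}")

    walk(root, f"/{root.tag}")
    return sorted(findings), None


if __name__ == "__main__":
    # Pass the path of a backup copy of configuration.xml, or run the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DAMAGED
    found, error = find_duplicate_siblings(data)
    print(error or "\n".join(f"{p}: <{t}> x{n} {dict(a)}" for p, t, a, n in found))
```

Repeated siblings can be legitimate in list-style sections, so treat the output as candidates to review by hand rather than entries to delete automatically.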

 

For Cause 2. Disable the URL filtering features.

Linux:

    1. Go to /opt/SYMCScan/bin
    2. Run the following commands:

./xmlmodifier -s //filtering/URLFilter/@enabled false filtering.xml

./xmlmodifier -s //filtering/URLReputation/@enabled false filtering.xml

./symcscan.sh restart

./controller.sh start

./controller.sh status

 

Windows:

    1. Open an administrative command prompt.
    2. Go to the Scan Engine folder:  CD "C:\Program Files\Symantec\Scan Engine"
    3. Run the following commands in order:

xmlmodifier -s //filtering/URLFilter/@enabled false filtering.xml

xmlmodifier -s //filtering/URLReputation/@enabled false filtering.xml

net stop symcscan && net start symcscan

Alternatively, go to the Services panel, restart the Symantec Protection Engine service, and verify that the controller service also started.