Symantec Protection Engine is deployed in an environment with NetApp Filers. You seek to perform iterative testing of configuration changes with SPE to confirm whether given settings workaround or resolve issues where file access is blocked.

Symantec Protection Engine for NAS 9.0.x

NetApp Filer

1. If possible, perform testing in a dev environment rather than production.
2. For limited deployment testing, turn VSCAN on for a limited number of shares of vfilers.
3. For the selected vfilers, turn off the Symantec Protection Engine service for all but two (2) of the instances of Symantec Protection Engine.
4. On both the SPE instances selected to remain in service, change one setting within the *.xml files of SPE.
5. On one of the SPE instances selected to remain in service, stop and start the ONTAP AV Connector service.
6. On the same machine, stop and then start the Symantec Protection Engine service.
7. On the other SPE instance selected to remain in service, stop and start the ONTAP AV Connection service.
8. On the same machine, stop and then start the Symantec Protection Engine service.
9. Test the behavior of NetApp Filer by copying files to the target share hosted by the vfiler which has the SPE instances in its pool of scanners for VSCAN.
10. If the behavior observed is still not desirable, return to step 4

Why must I test with two instances of SPE?

If you only use one instance, when you restart the service on the single instance of SPE, the NetApp Filer will record an EMERGENCY alert that there are no virus scanners available. Testing with more than two SPE instances slows done the process of changing the value and restarting SPE.

Why must I restart the Symantec Protection Engine service?

First, restarting the SPE service causes SPE to load the configuration changes into memory, making the changes effective. Second, NetApp Filer caches verdicts from the antivirus scanners in its pool. By restarting the services ONTAP AV Connector and then Symantec Protection Engine, NetApp Filer clears its existing cache of verdicts from that instance of SPE. This prevents situations where a test continues to show undesirable behavior until five minutes pass.