Attempts to connect to a Protection Engine server via the management console results in an input string error
search cancel

Attempts to connect to a Protection Engine server via the management console results in an input string error

book

Article ID: 281226

calendar_today

Updated On:

Products

Protection Engine for NAS Protection Engine for Cloud Services

Issue/Introduction

When attempting to connect to a server from within the Protection Engine Console for Windows--the attempt fails with an error similar to the following:

An error occurred For input string: "18446744073709551615"

After reviewing the contents of the SPE_REST_API.log (which resides on the SPE server) entries similar to the following were found:

2024-03-25 18:41:31,143 [main] ERROR symantec.spe.helper.XMLReaderWriter:102 - Failed to initialize: C:\Program Files\Symantec\Scan Engine\report.xml
2024-03-25 18:41:31,143 [main] ERROR symantec.spe.helper.XMLReaderWriter:103 - Content is not allowed in prolog.

 

Environment

Protection Engine 9.1

Cause

The report.xml file was corrupted, wherein one or more of the statistical elements was set to an impossibly large value. The value is higher than the program can read or accept.

<?xml version="1.0" encoding="UTF-8"?>
<report>
    <SinceInstall>
        <VirusFound value="18446744073709551615"/>
        <VirusRepaired value="18446744073709551615"/>
        <FilesQuarantined value="18446744073709551615"/>
        <FilesScanned value="18446744073709551615"/>
        <ScanRequest value="18446744073709551615"/>
        <DataScanned unit="Bytes" value="18446744073709551615"/>
        <byurl value="18446744073709551615"/> 
        <SecurityRisks value="18446744073709551615"/>
        <malformed value="18446744073709551615"/>
        <policyviolations value="18446744073709551615"/>
        <fileviolations value="18446744073709551615"/>
        <containerviolations value="18446744073709551615"/>
        <HighRiskRatings value="18446744073709551615"/>
        <MediumRiskRatings value="18446744073709551615"/>
        <LowRiskRatings value="18446744073709551615"/>
        <InsightThreats value="18446744073709551615"/>
        <InsightSecurityRisks value="18446744073709551615"/>
        <UrlReputationPolicyViolations value="18446744073709551615"/>
        <APKReputationPolicyViolations value="18446744073709551615"/>
        <TotalDataScanned unit="Bytes" value="18446744073709551615"/>
        <TotalFilesScanned value="18446744073709551615"/>
        <URLsScanned value="18446744073709551615"/>
        <ActiveContentViolations value="18446744073709551615"/>
        <ActiveContentRemoved value="18446744073709551615"/>
        <ActiveContentFileDeleted value="18446744073709551615"/>
        <SuspiciousThreats value="18446744073709551615"/>

 

 

Resolution

This issue is resolved in Symantec Protection Engine (SPE) version 9.2.  Broadcom support recommends customers update to SPE 9.2 or newer to receive the fix.  If upgrade is not possible then please follow the steps listed below:

1. Stop the SPE service.

    If the base OS is Windows load the services panel and stop the service named "Symantec Protection Engine"

    If the base OS is Linux run the command: /etc/init.d/symcscan stop

 

2. Delete the existing report.xml file

  If Windows the default path will be "C:\Program Files\Symantec\Scan Engine"

  If Linux the default path will be  "/opt/SYMCScan/bin"

 

3. Start the service again. It will rebuild a new report.xml.

  If the base OS Linux run:   /etc/init.d/symcscan start

 

 

Powered by Wolken Software