Java was upgraded to a newer version (e.g 8u411) to remediate vulnerabilities. After Java was upgraded both the Scan Engine, and the REST API services aborted during startup.
A review of SymantecProtectionEngineAbortLog.txt showed entries similar to the following:
Windows: C:\Program Files\Symantec\Scan Engine\SymantecProtectionEngineAbortLog.txt
2024/06/14-10:16:46 300 XML files did not validate : Error Validating configuration.xml. Element '/configuration/Resources/System/JavaLocation/@value' value: 'C:\Program Files\Java\jre-1.8\bin\java.exe' is not a valid value of the local atomic type. Error Message: Failed to execute Java version command. Valid Java not found. Please configure the supported version of 64 bit java(1.8 family update 232 or later version in the same series).
2024/06/14-10:16:46 0 Symantec Protection Engine is shutting down; logs may contain more information.
Linux: /opt/SYMCScan/SymantecProtectionEngineAbortLog.txt
2024/06/14-15:15:46 300 XML files did not validate : Error Validating configuration.xml. Element '/configuration/Resources/System/JavaLocation/@value' value: '/usr/java/jre1.8.0_360_hotspot/bin/java' is not a valid value of the local atomic type. Error Message: Configured java does not exist. Please configure the supported version of 64 bit java(1.8 family update 232 or later version in the same series).
2024/08/05-15:15:46 0 Symantec Protection Engine is shutting down; logs may contain more information.
Windows, SPE 9.0, 9.1
The path to the Java binary changed, but the SPE references to the old path remain in configuration.xml @JavaLocation
Steps to resolve:
Windows:
1. Verify where the current Java.exe binary is located on the server.
2. Copy the path to where the current Java.exe is located into the system clipboard and paste it over/replacing the following syntax highlighted tagged in red (make sure you include java.exe at the end of the path)
xmlmodifier -s //Resources/System/JavaLocation/@value "C:\Program Files\OpenLogic\jre-8.0.412.08-hotspot\bin\java.exe" configuration.xml
3. Open an administrative command prompt and CD "C:\Program Files\Symantec\Scan Engine"
4. Run the xmlmodifier command crafted in step #2
Attempt to start the Symantec Protection Engine service again.
Linux:
1. Verify where the current Java binary is located by examining the java SymLink: ll /etc/alternatives/java
Example of what may be returned:
/etc/alternatives/java -> /usr/java/jre1.8.0_361-amd64/bin/java
2. Using the information from the SymLink (green) -- replace the path to where the current java binary is located into the system clipboard and paste it over/replacing the following syntax tagged in red.
./xmlmodifier -s //Resources/System/JavaLocation/@value /usr/java/jre1.8.0_360_hotspot/bin/java configuration.xml
3. From the bash prompt: cd /opt/SYMCScan/bin
4. Run the xmlmodifier command crafted in step #2
Start the symcscan service: /etc/init.d/symcscan start