The Symantec Protection Engine GUI is not accessible, and parameter changes to Protection Engine have to be applied manually with the xmlmodifier.jar executable jar tool. Though how to use the xmlmodifier.jar is briefly documented in the Implementation Guide, most of the parameter paths are not documented.
Below is a list of some of the parameters in the Symantec Protection Engine GUI and their XPath that could be frequently changed, please keep in mind some of these settings will require that Protection Engine be restarted before they are applied. Here is an example of the command format:
XMLModifier.exe <switch> XPath <value> FILE
This is an example of a command to change the console timeout value to 400 seconds: XMLModifier.exe -s /configuration/resources/system/admin/timeout/@value 400 configuration.xml
More information on available switches can be found in the document below:
About using XML modifier in the Core server only mode: https://support.symantec.com/en_US/article.HOWTO95282.html
Policies->Scanning->Files to Scan (Scan all files or scan files not in exclusion list): /policies/AntiVirus/ExtensionPolicy/@value <0/2> policy.xml *0=Scan all files, and 2=Scan all files except those in the extension or type exclude lists
Policies->Filtering->Files->Blocking by Total Message Size (Block files or messages that are larger then set value): /filtering/FileAttribute/MaxFileSize/@value <value-in-bytes> filtering.xml *If value is set to 0, this disables the parameter.
Hidden parameteres (Determine if Protection Engine should scan every file that is extracted from an Office file): /filtering/Container/Options/ExtractNativeOLEStreamsOnly/@value <true/false> filtering.xml *If the desire is to have Protection Engine scan every part of an Office file we extract from the original Office files, set this parameter to false. (Delete infected read-only files): /policy/Misc/HonorReadOnly/@value <true/false> policy.xml *Default is false. When set to false, if an infected file is read-only Protection Engine will report the file infected but will not attempt to delete the infected file.
Imported Document ID: TECH161296
Subscribing will provide email updates when this Article is updated. Login is required.