XPath location of Symantec Scan Engine parameters in the Scan Engine xml configuration files

Article:TECH161296  |  Created: 2011-05-31  |  Updated: 2012-08-13  |  Article URL http://www.symantec.com/docs/TECH161296
Article Type
Technical Solution


Issue



The Symantec Scan Engine GUI is not accessible, and parameter changes to Scan Engine have to be applied manually with the xmlmodifier.jar executable jar tool. Although the use of xmlmodifier.jar is briefly documented in the Implementation Guide, most of the parameter paths are not documented.


Solution



Below is a list of some frequently changed parameters in the Symantec Scan Engine GUI and their XPaths. Please keep in mind that some of these settings require Scan Engine to be restarted before they are applied.

Configuration->Protocol->Select Communication Protocol
(Protocol Mode): /configuration/protocol/ProtocolSetting/@value <ICAP/RPC/NATIVE> configuration.xml

Configuration->Resources->System Scanning Resources
(Temp scanning directory): /configuration/resources/system/TempDir/@value <temp-path> configuration.xml
(Max number of available threads for scanning): /configuration/resources/system/MaxThreads/@value <value> configuration.xml
(Min number of available threads for scanning): /configuration/resources/system/MinThreads/@value <value> configuration.xml
*For minimum number of threads please use increments of 16, default value is 16. 
(Threshold number of queued requests): /configuration/resources/system/Load/MaximumQueuedClients/@value <value> configuration.xml
(Log or send alert for maximum load frequency): /configuration/logging/loadexceededalertinterval/@value <value-in-minutes> configuration.xml

Configuration->Resources->Server Resources
(Max RAM used for in-memory file system): /filtering/Container/InMemoryFilesystemSize/@value <value-in-MB> filtering.xml
(Max file size stored within in-memory file system): /filtering/Container/MaxInMemoryFileSize/@value <value-in-MB> filtering.xml

Policies->Scanning->Antivirus Scanning
(Enable virus scanning): /policies/AntiVirus/AntiVirusEnabled/@value <true/false> policy.xml
(Bloodhound detection level): /policies/AntiVirus/BloodhoundLevel/@value <0/1/2/3> policy.xml
*The default value is 2, 0=Off/1=Low/2=Medium/3=High.

Policies->Scanning->Security Risk Scanning
(Spyware): /policies/SecurityRiskScanning/SpywareEnabled/@value <true/false> policy.xml
(Adware): /policies/SecurityRiskScanning/AdwareEnabled/@value <true/false> policy.xml
(Other Risks): /policies/SecurityRiskScanning/OtherRiskEnabled/@value <true/false> policy.xml

Policies->Scanning->Files to Scan
(Scan all files or scan files not in exclusion list): /policies/AntiVirus/ExtensionPolicy/@value <0/2> policy.xml
*0=Scan all files, and 2=Scan all files except those in the extension or type exclude lists

Policies->Filtering->Container Handling->Container File Processing Limits
(Time to extract file limit): /filtering/Container/MaxExtractTime/@value <value-in-seconds> filtering.xml
(Max extract size of a file limit): /filtering/Container/MaxExtractSize/@value <value-in-MB> filtering.xml
(Max extract depth limit): /filtering/Container/MaxExtractDepth/@value <value-in-levels-of-depth> filtering.xml
(Allow or block files that hit Container processing limit): /filtering/Container/LimitChoiceStop/@value <true/false> filtering.xml
*Set to true if you want to block files that hit one of the three container limits.

Policies->Filtering->Container Handling->Partial Container Handling
(Deny or allow access to partial containers): /filtering/Container/DenyPartialContainers/@value <true/false> filtering.xml

Policies->Filtering->Container Handling->Malformed Container File Processing
(Block or allow access to malformed containers): /filtering/Container/DenyMalformedContainers/@value <true/false> filtering.xml

Policies->Filtering->Container Handling->Encrypted Container Handling
(Delete or allow access to encrypted containers): /filtering/Container/DeleteEncryptedContainers/@value <true/false> filtering.xml

Policies->Filtering->Files->Blocking by Total Message Size
(Block files or messages that are larger than set value): /filtering/FileAttribute/MaxFileSize/@value <value-in-bytes> filtering.xml
*If value is set to 0, this disables the parameter. 

Monitors->Logging->Local Logging
(Local logging level): /configuration/logging/loglocal/@value <0/1/2/3/4/5> configuration.xml
*0=None, 1=Error, 2=Outbreak, 3=Warning, 4=Information, 5=Verbose.

Monitors->Logging->Windows Logging
(Windows Event logging level): /configuration/logging/logwindows/@value <0/1/2/3/4/5> configuration.xml
*0=None, 1=Error, 2=Outbreak, 3=Warning, 4=Information, 5=Verbose.

Monitors->Logging->Symantec Security Information Manager (SSIM)
(SSIM logging level): /configuration/logging/logsesa/@value <0/1/2/3/4/5> configuration.xml
*0=None, 1=Error, 2=Outbreak, 3=Warning, 4=Information, 5=Verbose.
(SSIM agent address): /configuration/logging/logsesa/@ip <SSIM-IP-address> configuration.xml
(SSIM port number): /configuration/logging/logsesa/@port <port-number> configuration.xml

System->LiveUpdate Content->LiveUpdate Content
(Enable/disable Java LiveUpdate): /liveupdate/schedules/enable/@value <true/false> liveupdate.xml
(LiveUpdate interval): /liveupdate/schedules/interval/@value <time-in-seconds> liveupdate.xml

System->Rapid Release Content->Rapid Release Content
(Enable/disable Rapid Release): /liveupdate/rapidrelease/schedule/enable/@value <true/false> liveupdate.xml
(Rapid Release interval): /liveupdate/rapidrelease/interval/@value <time-in-minutes> liveupdate.xml

System->Administrator Settings->Administrator Settings
(Administrator timeout): /configuration/resources/system/admin/timeout/@value <time-in-seconds> configuration.xml
*The maximum time that can be selected for this parameter is 3,600 seconds. 

 

Hidden parameters
(Determine if Scan Engine should scan every file that is extracted from an Office file): /filtering/Container/Options/ExtractNativeOLEStreamsOnly/@value <true/false> filtering.xml
*To have Scan Engine scan every part that is extracted from the original Office file, set this parameter to false.
(Delete infected read-only files): /policy/Misc/HonorReadOnly/@value <true/false> policy.xml
*Default is false. When set to false, if an infected file is read-only, Scan Engine will report the file as infected but will not attempt to delete the infected file.
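
Added example (not part of the original article and not Symantec code): a read-only Python check that resolves the XPaths listed above against the configuration files and reports values that differ from a baseline, useful for reviewing settings when the GUI is unavailable. The sample XML and the baseline values are constructed for illustration; the element layout is inferred from the XPaths.

```python
import xml.etree.ElementTree as ET

# Constructed sample files. The element layout is inferred from the XPaths
# listed in this article, not copied from a real Scan Engine installation.
SAMPLE_FILES = {
    "policy.xml": '<policies><AntiVirus><AntiVirusEnabled value="true"/>'
                  '<BloodhoundLevel value="0"/></AntiVirus></policies>',
    "filtering.xml": '<filtering><Container><LimitChoiceStop value="false"/>'
                     '<DenyMalformedContainers value="true"/></Container></filtering>',
    "configuration.xml": '<configuration><logging><loglocal value="3"/>'
                         '</logging></configuration>',
}

# Hypothetical baseline (an assumption for this example, not vendor guidance):
# (file, XPath from the article, predicate the current value must satisfy).
BASELINE = [
    ("policy.xml", "/policies/AntiVirus/AntiVirusEnabled/@value", lambda v: v == "true"),
    ("policy.xml", "/policies/AntiVirus/BloodhoundLevel/@value", lambda v: v in ("1", "2", "3")),
    ("filtering.xml", "/filtering/Container/LimitChoiceStop/@value", lambda v: v == "true"),
    ("filtering.xml", "/filtering/Container/DenyMalformedContainers/@value", lambda v: v == "true"),
    ("filtering.xml", "/filtering/Container/DenyPartialContainers/@value", lambda v: v == "true"),
    ("configuration.xml", "/configuration/logging/loglocal/@value", lambda v: v.isdigit() and int(v) >= 1),
]

def read_xpath(xml_text, xpath):
    """Return the attribute an absolute /a/b/c/@attr path points at, or None."""
    *elems, attr = xpath.strip("/").split("/")
    if not elems or not attr.startswith("@"):
        raise ValueError("path must look like /root/element/@attribute")
    node = ET.fromstring(xml_text)
    if node.tag != elems[0]:          # root element must match the first step
        return None
    for tag in elems[1:]:             # walk one child element per path step
        node = node.find(tag)
        if node is None:
            return None
    return node.get(attr[1:])

def audit(files, baseline):
    """List (file, xpath, value) for every setting that is missing or off-baseline."""
    findings = []
    for fname, xpath, is_ok in baseline:
        value = read_xpath(files[fname], xpath)
        if value is None:
            findings.append((fname, xpath, "missing"))
        elif not is_ok(value):
            findings.append((fname, xpath, value))
    return findings

if __name__ == "__main__":
    for fname, xpath, value in audit(SAMPLE_FILES, BASELINE):
        print(f"{fname}: {xpath} = {value}")
```

To run it against a real installation, replace SAMPLE_FILES with the contents of the actual configuration.xml, filtering.xml and policy.xml files.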



