Symantec Scan Engine (SSE) does not start anymore, ScanEngineAbortLog.txt reports "400 CSAPI failed to initialize"
search cancel

Symantec Scan Engine (SSE) does not start anymore, ScanEngineAbortLog.txt reports "400 CSAPI failed to initialize"

book

Article ID: 152496

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Scan Engine

Issue/Introduction

Symantec Scan Engine (SSE) does not start anymore, following symptoms can be observed:

1. <Scan Engine PATH>\ScanEngineAbortLog.txt contains similar errors:
2010/05/31-12:01:36 400 CSAPI failed to initialize.
2010/05/31-12:01:36 0 Scan Engine is shutting down; logs may contain more information

2. AV definitions shadowing (by setup-iu.bat script or any other method) is enabled with:
- Symantec Endpoint Protection (SEP) or
- Symantec Antivirus Corporate Edition (SAVCE)

3. AV definitions files in following directory: <Scan Engine PATH>\Definitions\AntiVirus might look "strange", for example one directory might be smaller than normal or some the files might be missing, have different sizes etc.

<Scan Engine PATH> defaults are:
Windows 2003 (32-bit): C:\Program Files\Symantec\Scan Engine
Windows 2008 (64-bit): C:\Program Files (x86)\Symantec\Scan Engine

 

Cause

AV definitions used by SSE are corrupt.

Resolution

1. Please make sure Symantec Scan Engine (SSE) service is not running

2. Disable antivirus (AV) definitions shadowing using setup-iu.bat script or any other method.

3. Delete any files found in following folders (if they exist) - please don't remove the folders:
<Scan Engine PATH>\Definitions\AntiVirus\incoming
<Scan Engine PATH>\Definitions\AntiVirus\tmpIncoming
<Scan Engine PATH>\Definitions\AntiVirus\VirusDefs

<Scan Engine PATH> defaults are:
Windows 2003 (32-bit): C:\Program Files\Symantec\Scan Engine
Windows 2008 (64-bit): C:\Program Files (x86)\Symantec\Scan Engine
4. Remove any folders named <Scan Engine PATH>\Definitions\AntiVirus\VirusDefs000* (if they exist).

5. Copy good AV definitions files to <Scan Engine PATH>\Definitions\AntiVirus\VirusDefs:

a) Download current Intelligent Updater (IU) definitions for "Symantec Scan Engine 5.x" from Symantec website:
http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=cs

IU definitions file should be named similarly as in this example: 20120723-002-i32.exe

b) Extract the definitions: 20120723-002-i32.exe /EXTRACT <PATH>
alternatively: IU definitions file is compressed using ZIP format and can be decompressed using many different archiver programs.

c) Copy decompressed IU definitions from <PATH> to:
<Scan Engine PATH>\Definitions\AntiVirus\VirusDefs

6. Start Scan Engine service


Please note:
1. There is a known alternative method to resolve the problem by copying AV definitions from shared Symantec Endpoint Protection (SEP) location e.g. C:\Program Files\Common Files\Symantec Shared\VirusDefs\<date.revision> OR from another server.
--> It has to be noted that such definitions should only be used if it's 100% certain they are not corrupt.

2. It's NOT supported to copy definitions from shared SEP location on 64-bit systems due to architectural differences. Please use method described in point #5 instead.

3. It's NOT recommended to enable AV defitions shadowing via setup-iu.bat or any other method. AV definitions for SSE should be downloaded separately using built-in LiveUpdate function.

4. It's NOT supported to enable AV definitions shadowing on 64-bit systems.

5. It's NOT possible to share/shadow definitions with SEP 12.1 or newer.