NOTE: Enabling the ScanFileSave logging collects all transaction data. This is a debugging feature and should be used only for reproduction purposes. Enabling this feature adds significant system overhead which could impact productivity if left enabled on a production environment..
To enable ScanFileSave logging for Windows:
- Download the category3.xml from this KB article.
- Navigate to Symantec Protection Engine installation directory (Default for 7.8 and up: C:\Program Files\Symantec\Scan Engine.)
- Open configuration.xml in a plain text editor (Notepad.exe)
- Locate the following value on the first line: "version="######"
- Open the category3.xml in a plain text editor (Notepad.exe)
- Modify the version value to match the version number listed inside configuration.xml.
- Provide a log path by modifying the <ScanFileSaveDir> value (Example: <ScanFileSave value="C:\temp\SaveScanLog"/> )
- Save changes to category3.xml
- Copy category3.xml to Symantec Protection Engine installation directory (Default for 7.8 and up: C:\Program Files\Symantec\Scan Engine. For 7.5: C:\Program Files (x86)\Symantec\Scan Engine)
- Restart Symantec Protection Engine service to initialize ScanFileSave logging.
Expected Result: In the directory specified for ScanFileSaveDir in category3.xml, Protection Engine will create an additional directory with a name which matches the following format:
scanfilesave-yyymmdd-time
To enable ScanFileSave logging for Linux:
- At a shell prompt, obtain root credentials.
- Download the category3.xml from this KB article.
- Navigate to Symantec Protection Engine installation directory (Default: /opt/SYMCScan/bin )
- Grep configuration.xml for version (cat configuration.xml | grep version)
- Locate the following value: "version="######"
- Open the category3.xml in a plain text editor.
- Modify the version value to match the version number listed inside configuration.xml.
- Provide a log path by modifying the <ScanFileSaveDir> value (Example: <ScanFileSave value="/opt/SYMCScan/ScanFileSave"/> )
- Save changes to category3.xml
- Create a directory matching the specified value in ScanFileSaveDir.
- Copy category3.xml to Symantec Protection Engine installation directory (Default: /opt/SYMCScan/bin )
- Restart Symantec Protection Engine daemon to initialize ScanFileSave logging. (/etc/init.d/symcscan restart)
Expected Result: In the directory specified for ScanFileSaveDir in category3.xml, Protection Engine will create an additional directory with a name which matches the following format:
scanfilesave-yyymmdd-time
To disable ScanFileSave logging on Linux or Windows
- Delete the file named category3.xml from the Symantec Protection Engine installation directory
- Restart the Symantec Protection Engine Service.
NOTE: Permissible values for "ScanFileSaveSetting" are
- ALL
- CRASH
- CLEAN
- REPAIRED
- CONTAINER
- MAIL_POLICY
- NOT_REPAIRED
- NO_LICENCE
- INTERNAL_ERROR
- MALFORMED_CONTAINER
- TRACE
- NOT_CLEAN
- NOT_OK
- OK