Symantec™ Protection Engine

for Network Attached Storage

8.1 Release Notes
Symantec™ Protection Engine for Network Attached
Storage 8.1 Release Notes
Legal Notice
Copyright © 2019 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution,
and decompilation/reverse engineering. No part of this document may be reproduced in any form by any
means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO
CHANGE WITHOUT NOTICE.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

https://www.symantec.com
Symantec Support
All support services will be delivered in accordance with your support agreement and the
then-current Enterprise Technical Support policy.

Knowledge Base Articles and Symantec Connect

Before you contact Technical Support, you can find free content in our online Knowledge Base,
which includes troubleshooting articles, how-to articles, alerts, and product manuals. In the
search box of the following URL, type the name of your product:
https://support.symantec.com
Access our blogs and online forums to engage with other customers, partners, and Symantec
employees on a wide range of topics at the following URL:
https://www.symantec.com/connect

Technical Support and Enterprise Customer Support

Symantec Support maintains support centers globally 24 hours a day, 7 days a week. Technical
Support’s primary role is to respond to specific queries about product features and functionality.
Enterprise Customer Support assists with non-technical questions, such as license activation,
software version upgrades, product access, and renewals.
For Symantec Support terms, conditions, policies, and other support information, see:
https://entced.symantec.com/default/ent/supportref
To contact Symantec Support, see:
https://support.symantec.com/en_US/contact-support.html
Release Notes
This document includes the following topics:

■ About Symantec™ Protection Engine for Network Attached Storage

■ What's new in Symantec Protection Engine 8.1

■ Upgrading to Symantec Protection Engine 8.1

■ Migrating to version 8.1

■ System requirements

■ Known issues

■ Where to get more information

About Symantec™ Protection Engine for Network

Attached Storage
Symantec™ Protection Engine for Network Attached Storage is hereafter referred to as
Symantec Protection Engine.
Symantec Protection Engine is a carrier class content and URL scanning engine. Symantec
Protection Engine provides content scanning and URL filtering capabilities to any application
on an IP network, regardless of its platform. Any application can pass files or URLs to Symantec
Protection Engine for scanning.
Symantec Protection Engine accepts scan requests from the client applications that use
following protocol:
■ The Internet Content Adaptation Protocol (ICAP), version 1.0, as presented in RFC 3507
(April 2003)
You can use the Symantec Protection Engine software development kit (SDK) or build your
own connector to integrate Symantec Protection Engine with your application. The SDK supports
 Release Notes 5
What's new in Symantec Protection Engine 8.1

version 1.0 of ICAP, as presented in RFC3507 (April 2003). Symantec also has developed
connector code for some third party applications to seamlessly integrate with Symantec
Protection Engine.
The Symantec Protection Engine Software Developers Guide provides information about how
to create customized integrations with ICAP.

What's new in Symantec Protection Engine 8.1

Table 1-1 describes the new features in Symantec Protection Engine.

Table 1-1 New features

Feature Description

Support for non-archive files Symantec Protection Engine 8.1 supports the scanning of the
larger than 2 GB non-archive files that are larger than 2 GB. The support is limited to
2 GB in previous releases.

Latest Symantec technologies Symantec Protection Engine 8.1 is integrated with latest internal
Symantec scanning technologies.

Improved efficacy with the help of AML, x86 PE Emulator,

nonPE/Scripts, etc.

Enhanced LiveUpdate Internal critical fixes are now delivered through LiveUpdate.

Improved in-memory file system Symantec Protection Engine uses the system memory to stream and
scan the files. Now, the memory size is no more limited to 4 GB.

Upgrading to Symantec Protection Engine 8.1

Table 1-2 describes the upgrade path that Symantec Protection Engine 8.0 supports.

Table 1-2 Supported upgrades

Previous version Description

number

8.0.x Symantec Protection Engine 8.1 supports an upgrade from version 8.0.x.

You can choose to upgrade the product and preserve your existing settings or
perform a clean upgrade. If you choose to do a clean upgrade, the installer
removes the previous version, and then installs the newer version as a full
installation, without preserving any previous settings.
 Release Notes 6
Migrating to version 8.1

Table 1-2 Supported upgrades (continued)

Previous version Description

number

7.9.x Symantec Protection Engine 8.1 supports an upgrade from version 7.9.x.

You can choose to upgrade the product and preserve your existing settings or
perform a clean upgrade. If you choose to do a clean upgrade, the installer
removes the previous version, and then installs the newer version as a full
installation, without preserving any previous settings.

7.8.x Symantec Protection Engine 8.1 supports an upgrade from version 7.8.x.

You can choose to upgrade the product and preserve your existing settings or
perform a clean upgrade. If you choose to do a clean upgrade, the installer
removes the previous version, and then installs the newer version as a full
installation, without preserving any previous settings.

Migrating to version 8.1

Symantec Protection Engine does not support direct upgrades from version 7.5 and earlier
versions. In that case, you must migrate to version 8.1. The following tables describes migration
process when direct upgrade is not supported.

Table 1-3 Migration Paths

Previous version number Description

7.5.x Symantec Protection Engine does not support direct upgrades from
version 7.5.x. You must migrate to 8.0 first, then upgrade to 8.1.

A separate utility to migrate from 7.5.x to 8.0 is provided.

Note: On Linux, set the LD_LIBRARY_PATH as follows before you
execute the Migration Utility:

LD_LIBRARY_PATH="<Base_Location>
/SPE_Tools/Migration_Utility/RedHat/"

For more information, see the Symantec Protection Engine Migration

Utility in the Symantec_Protection_Engine_Tools.zip file.

7.0.x Symantec Protection Engine does not support direct upgrades from
version 7.0.x. You must first upgrade to version 7.5.x, then migrate
to 8.0.

You must stop the Symantec Protection Engine service before you upgrade the software.
 Release Notes 7
System requirements

System requirements
Before you install Symantec Protection Engine, verify that your server meets the minimum
system requirements.
■ System requirements to install Symantec Protection Engine on Linux
For Symantec Protection Engine platform support matrix, see the following pages:
■ Symantec Protection Engine for Cloud Services
https://support.symantec.com/en_US/article.DOC11401.html
■ Symantec Protection Engine for Network Attached Storage
https://support.symantec.com/en_US/article.DOC11402.html

System requirements to install Symantec Protection Engine on Linux

The minimum system requirements to install Symantec Protection Engine on Linux are as
follows:

Operating ■ Red Hat Enterprise Linux Server 6.8 (64-bit) or later

system ■ Red Hat Enterprise Linux Server 7.0 (64-bit) or later
■ CentOS Linux 7.1 (64-bit) or later

Ensure that your operating system has the latest service patches available.

Processor Intel or AMD Server Grade Single Processor Quad Core systems or higher

Memory 16 GB RAM or higher

Disk space 40 GB of hard disk space

60 GB of hard disk space for using URL Filtering feature

Hardware ■ Network interface card (NIC) running TCP/IP with a static IP address
■ Internet connection to update definitions
■ 100 Mbps Ethernet link (1 Gbps recommended)
 Release Notes 8
System requirements

Software ■ Ensure that the following packages are installed:

■ 64-bit zlib library package
■ GNU sharutils-4.6.1-2 or later
■ 64-bit GNU libuuid-2.17.2-6 or later
■ ncompress-4.2.4-44 or later
■ 64-bit GNU C Library (glibc) 2.17.260 or later
■ Initscripts
This package is required for Red Hat Linux only.
■ pidof
This package is required to find the process IDs of the running programs.
■ 64-bit Java Runtime Environment (JRE) 8.0 Update 111 or later and JRE 10.0 or
later
■ We recommend that you use the latest JRE version to avoid any known
vulnerabilities.
■ JRE is required only if you plan to operate Symantec Protection Engine in the
Core server with user interface mode.
■ Install JRE using Red Hat Package Manager (RPM). Ensure that you note the
installation location. You must provide the location of the JRE if the installer is
unable to detect it.
■ To know about the operating systems that JRE 10.0.2 (64-bit) supports, refer
to the official Oracle documentation or Symantec Protection Engine Java Support
Matrix.
■ One of the following Web browsers to access the Symantec Protection Engine
console:
■ Microsoft Internet Explorer 11 or later
Use Microsoft Internet Explorer to access the Symantec Protection Engine
console from a Windows client computer.
Note: If you are using 64-bit Internet Explorer browser, you must add the
following registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\MAIN] "TabProcGrowth"=dword:00000000
■ Mozilla Firefox 32-bit (Extended Support Release) 45 or later
Use Mozilla Firefox to access the Symantec Protection Engine console from a
Linux client computer.
The Web browser is required only for Web-based administration. You must install
the Web browser on a computer from which you want to access the Symantec
Protection Engine console. The computer must have access to the server on which
Symantec Protection Engine runs.

Note: If any of the above package binary is already present on the computer and if the
installer is still unable to find it, you can add the path to the binary in
LD_LIBRARY_PATH environment variable.
 Release Notes 9
Known issues

Hypervisor ■ Windows 2008 R2 Hyper-V

support ■ Windows 2012 Hyper-V
■ VMware vsphere 5.5 or later
■ VMware vsphere 6.0 or later

The following Linux guest operating systems have been certified on Hyper-V:

■ Red Hat Enterprise Linux Server 6.8 (64-bit) or later

■ Centos 7.1 or later

Known issues
■ XMLModifier does not show error for inactive XPath if you use incomplete XPath by skipping
a child node with two slashes (//).
Some configurations of previous release are no more valid in Symantec Protection Engine
8.1. However, XML files still contain those configurations. You cannot configure these
values using XMLModifier tool. If you run the XMLModifier command with such inactive
XPath, you get the following error:
XPath is not active in Symantec Protection Engine 8.1 and later versions.
Symantec Protection Engine does not support inactive XPaths.
Ensure that you always use the complete XPath in the command. If you use incomplete
XPath by skipping a child node with two slashes (//), XMLModifier does not show error
even if XPath is inactive.
■ Symantec Protection Engine does not support the scanning of the following container files:
LZH, LHA, AMG, TNEF.
■ For top-level encrypted zip file, Symantec Protection Engine does not attach a text
notification file to the email. Instead, email has a zip file as an attachment, which contains
a text notification file in place of encrypted file.
■ If Symantec Protection Engine detects infected files within multiple levels of archive files,
it reports only the file name and not the relative path of the file.
■ Scan time out in Symantec Protection Engine is a coarse-grained timeout. It tries to timeout
at the nearest possible opportunity and may not be precise.
■ MaxContainerExtractSize configuration does not work for .TAR and .7Z files.
■ MaxExtractFileCount configuration does not work for .TBZ and .TGZ files.
■ ICAP response for the encrypted container violation does not contain the file name for
which the violation has happened.
■ Symantec Protection Engine sometimes does not respond while scanning an archive file
on CentOS and RHEL 6.8 platforms.
 Release Notes 10
Where to get more information

The old version of CentOS/RHEL component GNU C Library (glibc) causes this issue.
Update this component to the latest version to resolve this issue. In CentOS 7.4, update
the component to version 2.17.260.
■ Microsoft Office application report shows that recovery error message after malware is
replaced.
Microsoft Office 2010 and later files (XLSM, XLTX, XLTM, XLSB, XLAM, XLSX) with
infections gets updated by replacing the infection with replacement text. However, Office
tools reports the recovery error message when the output file is opened.
■ Infected Microsoft Office files do not get replaced with replacement file.
Files include - XLS, XLA, XLT, PPT, PPS, POT, DOC, and DOT.
■ Encrypted PDF file inside the container file such as ZIP or TAR cannot be replaced with a
replacement file.
As a result, the original infected file is returned back to Symantec Protection Engine client.
■ Replacement file that replaced the Infected file cannot be renamed.
For example, the replacement file that replaced infected file eicar.com cannot be renamed
to DELETED.txt. File name remains as eicar.com and contains a notification text.

Where to get more information

Symantec Protection Engine includes new cloud-based online help system called Unified Help
System (UHS). The topics are categorized into the buckets and you can search for keywords.
Context-sensitive help is available for each page in the Symantec Protection Engine standalone
as well as centralized console.
Symantec Protection Engine 8.1 UHS is available at the following
location:https://help.symantec.com/home/spe_8_1?locale=EN_US
You can visit the Symantec Web site for more information about our product.
The following online resources are available:

Provides access to the technical support https://support.symantec.com/en_US.html

Knowledge Base, newsgroups, contact
information, downloads, and mailing list
subscriptions

Provides information about registration, http://customersupport.symantec.com/

frequently asked questions, how to respond to
error messages, and how to contact Symantec
License Administration

Provides product news and updates https://www.symantec.com/

 Release Notes 11
Where to get more information

Provides access to the Virus Encyclopedia, https://www.symantec.com/security_response/

which contains information about all known
threats, information about hoaxes, and access
to white papers about threats