Symantec™ Protection Engine 8.1 Command Line Reference Guide
Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.
This Symantec product may contain third party software for which Symantec is required to provide attribution
to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open
source or free software licenses. The License Agreement accompanying the Software does not alter any
rights or obligations you may have under those open source or free software licenses. Please see the
Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec
product for more information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying, distribution,
and decompilation/reverse engineering. No part of this document may be reproduced in any form by any
means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO
CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined
in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer
Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and
Commercial Computer Software Documentation," as applicable, and any successor regulations, whether
delivered by Symantec as on premises or hosted services. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government
shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
https://www.symantec.com
Symantec Support
All support services will be delivered in accordance with your support agreement and the
then-current Enterprise Technical Support policy.
■ XMLModifier options
filtering.xml Contains the settings for URL filtering, container limits and
container handling, and file attribute and email attribute
handling.
Following is the XML modifier command-line tool for Symantec Protection Engine:
■ xmlmodifier
A tool used on Linux platforms to modify the XML files.
Always run the XMLModifier utility from the installation directory. After you change the settings
by using the XMLModifier utility, you must stop and start the Symantec Protection Engine
service for the changes to take effect.
XMLModifier options
Use the XML modifier command-line tool of Symantec Protection Engine to modify the XML
files.
Note: For boolean values, allowed and recommended values are true or false.
Table 1-1 provides the option commands that you can use with the XML modifier command-line
tool of Symantec Protection Engine.
Remove: If the XPath specifies an attribute, then that attribute is set to an empty string.
If the XPath specifies a group, then the items within that group are removed. If you want to
populate a list within the XML document with new items, first remove the whole list.
where <XPath> is the required XPath and <XMLfile> is the XML file name.
Bulk copy: Use the bulk copy command to insert a list of items that are stored at the XPath. Each item is
separated as a new line. The bulk copy command appends the bulk file items to the XPath
location. Only use this command to insert lists. Each entry must be on a separate line.
where <XPath> is the required XPath and <XMLfile> is the XML file name.
where <XPath> is the required XPath and <XMLfile> is the XML file name.
For example,
Encrypt the password (using the AES 256-bit encryption method) and store in specified XPath location:
This command encrypts the specified password using the AES 256-bit encryption method and
stores it in the specified XPath location. However, only certain parameters support this encryption
method in Symantec Protection Engine.
Table 1-2 lists the parameters that are encrypted using this method.
The command is as follows:
where <XPath> is the required XPath, <password> is your password, <SPE install directory>
is the path to the installation directory, and <XMLfile> is the XML file name.
Note: Make sure the path to the Symantec Protection Engine installation directory does not
end with /.
Query: This command returns the value of the node in the XML document with no newline.
where <XPath> is the required XPath and <XMLfile> is the XML file name.
Query list: This command returns the list of values of the node in the XML document with a newline. The
l is lowercase, as in list.
where <XPath> is the required XPath and <XMLfile> is the XML file name.
Add URL(s) to local URL category: This command adds URL(s) to local URL category.
The command is as follows:
where <url> is the url to be added and <urlcategory> is the local URL category.
Delete URL(s) from local URL category: This command deletes URL(s) from the local URL category.
The command is as follows:
where <url> is the url to be deleted and <urlcategory> is the local URL category.
Add URL(s) to URL Override List: This command adds URL(s) to URL Override List.
The command is as follows:
Delete URL(s) from URL Override List: This command deletes the URL(s) from the URL Override List.
The command is as follows:
Table 1-2 Parameters that require password encryption using the AES 256-bit method
Note: The XMLModifier utility has a dependency on the libxml2 library. If this library is not
found, the utility may throw an error. The libxml2 library is already present in the installation
directory. However, if the XMLModifier utility is still unable to find the library on UNIX machines,
you can add the path, /opt/SYMCScan/bin, to the LD_LIBRARY_PATH environment variable.
Chapter 2
Configuration
This chapter includes the following topics:
■ Protocols
■ Resources
■ Logging
■ Miscellaneous
Protocols
Table 2-1 Protocol settings
Settings XPath
■ true
■ false
Settings XPath
■ true
■ false
Settings XPath
Default value: 1
■ 1024 to 2147483646
Settings XPath
■ true
■ false
Settings XPath
■ true
■ false
■ Valid password
■ Symantec Protection Engine installation directory path
Settings XPath
Default value:
ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384,
ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA384,
AES128-GCM-SHA256,AES256-GCM-SHA384, AES128-SHA256,AES256-SHA256
■ true
■ false
Resources
Table 2-3 System settings
Settings XPath
Default values
Linux: /opt/SYMCScan/temp
Settings XPath
Default value: 6
Default values
Linux: /opt/SYMCScan/bin
Settings XPath
■ Any string
■ 0
Displays the summary data since the last restart.
■ 1
Displays the summary data since the installation.
Default value: 0
Settings XPath
■ true
Use this value if you want to use the Core server with user interface mode. This
method requires JRE to be installed.
■ false
Use this value if you want to use the Core server only mode. This method does not
require JRE to be installed.
Setting XPath
■ Valid IP address
Setting XPath
■ 60 to 3600
■ true
Enables Windows Active Directory-based authentication mode.
■ false
Enables Symantec Protection Engine-based authentication.
Logging
Table 2-5 Logging
Settings XPath
Linux: /opt/SYMCScan/log
Default value: 5
Settings XPath
■ 0 to 6
Default value: 0
Default value: 0
Settings XPath
Enable SMTP alerts - Domain: In the SMTP domain parameter, type the local domain for Symantec Protection Engine.
■ The domain name is added to the "From" box for SMTP messages. SMTP alert
messages that Symantec Protection Engine generates originate from
SymantecProtectionEngine@<domainname>, where <domainname> is the domain
name that you specify in the SMTP domain parameter.
Default value: 0
Settings XPath
Settings XPath
■ true
■ false
■ 0 to 365
Default value: 0
■ 0 to 6
Default value: 3
Linux: /opt/SYMCScan/CloudLog
Settings XPath
■ true
■ false
■ 1 to 1000000 in minutes.
Default value: 1
Default value: 2
Settings XPath
■ true
■ false
■ 1 to 1000000 in minutes.
Default value: 1
Default value: 2
■ true
■ false
Default value: 1
Settings XPath
Default value: 2
■ true
■ false
Allowed values
■ 1 to 1000000 in minutes.
Default value: 1
Default value: 2
■ true
■ false
Settings XPath
■ 1 to 1000000 in minutes.
Default value: 1
■ 2 to 100000
Default value: 2
■ true
■ false
■ 1 to 10000000 in minutes.
Default value: 1
Default value: 2
Settings XPath
■ true
■ false
■ 1 to 10000000 in minutes.
Default value: 1
Default value: 2
■ true
■ false
■ 1 to 10000000 in minutes.
Default value: 1
Settings XPath
Default value: 2
■ true
■ false
■ 1 to 1000000 in minutes.
Default value: 1
Default value: 2
Settings XPath
Default value: 1
Proxy and Quarantine Server
Settings XPath
Settings XPath
■ Valid IP address
■ 0 to 65535
Default value: 0
Settings XPath
■ True
■ False
■ Valid IP address
■ 0 to 65535
Default value: 0
Miscellaneous
Table 2-8 Miscellaneous settings
Settings XPath
Settings XPath
Existing Schedules: For information about adding, editing, or removing schedules, refer to the Symantec
Protection Engine Implementation Guide.
Chapter 3
LiveUpdate
This chapter includes the following topics:
■ LiveUpdate
LiveUpdate
Table 3-1 Schedule LiveUpdate
Settings XPath
■ true
■ false
Settings XPath
■ Time in seconds
■ true
■ false
■ 0 to 23 (hour)
Default value: 0
■ 0 to 59 (minute)
Default value: 0
Settings XPath
Settings XPath
■ 0 to 65535
Default value:
■ 80 for HTTP
■ 443 for HTTPS
Settings XPath
■ Threat policies
■ Insight Scanning
■ APK Reputation
■ Actions
■ Exclusion policies
■ Notifications
Threat policies
Virus scanning is enabled by default and you cannot disable it. You can configure the following
parameters for all threat detection technologies.
Settings XPath
Default value: 2
■ 1 to 2147000000 (bytes)
Insight Scanning
Table 4-2 Insight scanning settings
Settings XPath
■ true
■ false
Settings XPath
Default value: 2
Note: This parameter is now applicable to all threat detection technologies.
■ 1 to 2147000000 (bytes)
Settings Command
■ true
■ false
Settings Command
■ Valid URL
■ 0 to 65535
Default value: 0
APK Reputation
Table 4-4 APK Reputation settings
Settings XPath
Actions
Table 4-5 Actions
Settings XPath
■ 0 to 3
Default value: 2
■ true
■ false
Exclusion policies
Table 4-6 Exclusion policies settings
Settings XPath
■ 0
Disable the extension policy.
■ 2
Enable the extension policy.
Default value: 0
Note: Extension policy must be enabled if you want to configure the exclusion policies.
Exclude List: This parameter excludes the specified file extensions from scanning.
You can add or remove any file extension that you want to exclude from AV scanning
at the below XPath in the policy.xml file.
xmlmodifier -b //policies/ThreatPolicies/ExcludeList/@item <value> policy.xml
Allowed values
■ You can add any file extension to the file extension exclude list (file extensions
must begin with a period).
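The following sketch, an added example that is not part of the Symantec guide, checks a bulk file against the rules stated above (one entry per line, each beginning with a period) before it is handed to xmlmodifier -b. The function names and the sample file are constructed, and treating <value> as the bulk file path is an assumption based on the -b examples for filtering.xml.

```sh
# Added example, not Symantec code (POSIX sh). Pre-flight check for a bulk
# file of extensions before `xmlmodifier -b` appends it to the exclude list.

# check_exclude_bulk_file FILE: print one line per problem, return 0 if clean.
check_exclude_bulk_file() {
    cbf_n=0; cbf_bad=0; cbf_seen="|"
    cbf_cr=$(printf '\r'); cbf_tab=$(printf '\t')
    if [ ! -s "$1" ]; then
        echo "error: $1 is missing or empty"
        return 1
    fi
    while IFS= read -r cbf_line || [ -n "$cbf_line" ]; do
        cbf_n=$((cbf_n + 1))
        case $cbf_line in
            *"$cbf_cr")
                echo "line $cbf_n: CRLF line ending"; cbf_bad=1 ;;
            "")
                echo "line $cbf_n: blank entry"; cbf_bad=1 ;;
            *" "*|*"$cbf_tab"*)
                echo "line $cbf_n: whitespace, one entry per line"; cbf_bad=1 ;;
            .?*)
                # Well-formed. Reject exact repeats, since -b appends.
                case $cbf_seen in
                    *"|$cbf_line|"*)
                        echo "line $cbf_n: duplicate $cbf_line"; cbf_bad=1 ;;
                esac
                cbf_seen="$cbf_seen$cbf_line|" ;;
            *)
                echo "line $cbf_n: '$cbf_line' is not a period followed by an extension"; cbf_bad=1 ;;
        esac
    done < "$1"
    return "$cbf_bad"
}

# exclude_update_command FILE: print the page's bulk copy command for FILE,
# but only if the file passes the check. Assumes the <value> argument is the
# bulk file path, as in the page's filtering.xml examples.
exclude_update_command() {
    check_exclude_bulk_file "$1" >&2 || return 1
    echo "xmlmodifier -b //policies/ThreatPolicies/ExcludeList/@item $1 policy.xml"
}

# Constructed sample input: the second entry has no leading period.
demo_dir=$(mktemp -d)
printf '.tmp\nlog\n.bak\n' > "$demo_dir/sample.txt"
exclude_update_command "$demo_dir/sample.txt" || echo "bulk file rejected"
rm -rf "$demo_dir"
```

Because bulk copy appends to the existing list, review the current exclusions before applying a new file; every entry added here is a file type that is no longer scanned.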
MIME Exclude List: This parameter excludes the specified multimedia file extensions from scanning.
You can add or remove entries in the file type exclude list in the policy.xml at the below
XPath:
xmlmodifier -b //policies/ThreatPolicies/MIMEExcludeList/@item <value> policy.xml
Allowed values
Notifications
Table 4-7 Notifications settings
Setting XPath
■ URL Reputation
■ URL Filtering
■ Containers
■ File Attribute
URL Reputation
Table 5-1 Threat policies
Settings XPath
■ true
■ false
Settings XPath
URL Filtering
Table 5-2 URL Filtering settings
Settings XPath
■ true
■ false
■ 0
Audit mode
■ 1
Filtering mode
Default value: 1
■ 0
■ 1
Default value: 0
For example,
xmlmodifier -b //filtering/URLFilter/DenyVendorCategories/items C:\Users\Administrator\Desktop\sample.txt filtering.xml
Settings XPath
For example,
xmlmodifier -b //filtering/URLFilter/DenyLocalCategories/items C:\Users\Administrator\Desktop\sample.txt filtering.xml
Containers
Table 5-3 Container settings
Settings XPath
Settings XPath
■ 0
Creates a log entry and allows access to the file.
■ 1
Blocks access to the file.
Default value: 1
■ 0
Creates a log entry and allows access to the file.
■ 1
Blocks access to the file.
Default value: 1
Default value: 0
Settings XPath
■ 0
Creates a log entry and allows access to the file.
■ 1
Blocks access to the file.
Default value: 1
Default value: 0
■ 0
Creates a log entry and allows access to the file.
■ 1
Blocks access to the file.
Default value: 1
■ true
■ false
Settings XPath
Settings XPath
Settings XPath
■ true
■ false
■ true
■ false
Default value: The encrypted container attached to this email was removed. File
attachment: ${FILE_NAME}. File ${QUARANTINED}.
File Attribute
Table 5-5 File Attribute settings
Settings XPath
■ true
■ false
Settings XPath
For example,
xmlmodifier -b //filtering/FileAttribute/DenyFileNames/items C:\Users\Administrator\Desktop\sample.txt filtering.xml
■ true
■ false
Settings XPath
For example,
xmlmodifier -b //filtering/FileAttribute/DenyFileTypes/items C:\Users\Administrator\Desktop\sample.txt filtering.xml
Default value: The file attached to this email was removed because the file name is
not allowed. File attachment: ${FILE_NAME}. Matched pattern:
${MATCHING_FILENAME_ENTRY}.
Settings XPath
■ true
■ false
For example,
xmlmodifier -b //filtering/FileAttribute/DenyFileSizes/items C:\Users\Administrator\Desktop\sample.txt filtering.xml
Default value: The file attached to this email was removed because the file size is not
allowed. File attachment: ${FILE_NAME}. Matched file size: ${FILE_SIZE}.
■ 0 to 4294967296 bytes
Default value: 0