Thursday, October 30, 2014

Symantec Protection for SharePoint Server - AV definitions are not shown correctly in Central Admin

Few days ago I faced the following issue with Symantec Protection for SharePoint Server and AV definitions displayed in Central Admin. I have SharePoint 2013, Symantec Protection Engine version and Symantec Protection 6.0 for SharePoint Server version

When I went to Central Admin -> Symantec Protection for SharePoint Server -> List and edit all registered Symantec Protection Engines I saw the following scared screen:

Fortunately I knew that AV definitions are up to date, inside the Symantec Protection Engine interface I saw "Up To Date":

Inside the log files of Symantec Protection for SharePoint shows that AV definitions are up to date:

So far so good, I'm happy my AV definitions are up to date, but why in Central Admin I have the wrong definitions?

Even if I tried to remove the registered Symantec Protection Engine I got an error. So I could neither delete nor edit the registered Symantec Protection Engines.

Inside the log files "C:\Program Files\Symantec\SharePoint\Logfiles\System" I saw the following error message:

"2014-10-30 10:01:04","(null)","-1","Error","Access to the path 'C:\Program Files\Common Files\Symantec Shared\SharePointEngine\AVESettings_10_1_32_6.dat' is denied."," Server stack trace:     at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)    at System.IO.File.InternalDelete(String path, Boolean checkHost)    at Symantec.Sharepoint.Service.RTCommand.Service.DeleteSettingsScanEngine(ScanEngine scanEngine)    at Symantec.Sharepoint.Service.RTCommand.Service.RemoveScanEngine(ScanEngine scanEngine)    at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)    at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg)  Exception rethrown at [0]:     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)    at Symantec.Sharepoint.Shared.InterfaceLibrary.IRTCommandService.RemoveScanEngine(ScanEngine scanEngine)    at Symantec.Sharepoint.RTCommandClient.RTCommand.RemoveScanEngine(ScanEngine scanEngine, String spssMachine)","mscorlib","RTCommandClient"

This actually show me the solution.

I checked the SPSSService account and the permissions over C:\Program Files\Common Files\Symantec Shared\SharePointEngine\ folder and surprise the account has ONLY write permissions. Adding Full control to the account fixed this issue.  

Hope you will find this article helpful.

No comments:

Post a Comment