reference deployment

Symantec Protection Engine on AWS

Malware protection and content scanning services on the AWS Cloud

Use this Quick Start to deploy Symantec Protection Engine (SPE) for Cloud Services on AWS in less than an hour.

SPE enables you to incorporate malware and threat detection technologies into your application. SPE includes Symantec's malware protection and proprietary, patented URL categorization technology. It provides fast, scalable, and reliable content scanning services to protect your data and storage systems against the ever-growing malware threat landscape.

You can integrate SPE with almost any application through the Internet Content Adaptation Protocol (ICAP) by using .NET APIs for C, Java, and C#. This Quick Start aids integration with proxies such as F5, Squid, etc., and is designed for enterprise administrators who want to scan their ingress/egress traffic for viruses, trojans, and other kinds of malware.


This Quick Start was developed by Symantec Corporation in partnership with AWS. Symantec is an APN Partner.

  •  What you'll build
  •  How to deploy
  •  Cost and licenses
  •  What you'll build
  • Use this Quick Start to set up the following SPE environment on AWS:

    • A virtual private cloud (VPC) spanning two Availability Zones and configured with public subnets. This provides the network infrastructure for your SPE deployment.*
    • An internet gateway to provide access to the internet.*
    • An Elastic Load Balancing (ELB) load balancer that distributes the incoming loads to multiple scanners.
    • In the public subnets, SPE instances that are configured automatically with the load balancer.

    The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks above.

  •  How to deploy
  • You can deploy SPE on AWS in less than an hour, by following a few simple steps:

    1. Subscribe to the SPE AMI in AWS Marketplace. You can choose the paid pricing or the BYOL licensing option. If you choose the BYOL option, place the license key file in an Amazon S3 bucket and note its location.
    2. If you don't already have an AWS account, sign up at
    3. Launch the Quick Start. You can choose from two options:
    4. Use the command-line scanner that comes with SPE and an anti-malware test file to test the deployment.

    To customize your deployment, you can choose different instance types for your resources, choose Availability Zones, and change the number of SPE instances you want to deploy.


  •  Cost and licenses
  • You are responsible for the cost of the AWS services and SPE licenses used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. See the pricing pages for each AWS service you will be using for cost estimates.

    This Quick Start requires a subscription to an Amazon Machine Image (AMI) for the SPE software, which is available from AWS Marketplace. You can choose from two pricing models:

    • Paid pricing: With this option, you’ll pay an hourly fee based on the Amazon Elastic Compute Cloud (Amazon EC2) instance type.
    • Bring Your Own License (BYOL): If you already have a current, valid license for SPE, you can use it for the AWS Quick Start deployment.