Problem - it seems that Symantec AV installed and compiled autoprotect correctly but it is in "Malfunctioning" state. OS - CentOS7 / kernel - 3.10.0-229.14.1.el7.x86_64 Result of: lsmod |grep sym ============================ symap_custom_3_10_0_229_14_1_el7_x86_64 45531 28 symev_custom_3_10_0_229_14_1_el7_x86_64 84377 2 symap_custom_3_10_0_229_14_1_el7_x86_64 Result of: systemctl status autoprotect ======================================== autoprotect.service - LSB: Symantec AutoProtect Modules Loaded: loaded (/etc/rc.d/init.d/autoprotect) Active: active (exited) since Mon 2015-10-26 16:36:56 CET; 39min ago Process: 581 ExecStart=/etc/rc.d/init.d/autoprotect start (code=exited, status=0/SUCCESS) Oct 26 16:36:56 sgme-host autoprotect[581]: Starting AP: symev: loaded (symev-custom-3.10.0-229.14.1.el7-x86_64.ko) Oct 26 16:36:56 sgme-host autoprotect[581]: symap: loaded (symap-custom-3.10.0-229.14.1.el7-x86_64.ko) Oct 26 16:36:56 sgme-host autoprotect[581]: Setting major=249 from /proc/symap Oct 26 16:36:56 sgme-host systemd[1]: Started LSB: Symantec AutoProtect Modules. Content of /root/sepfl-kbuild.log =================================== Mon Oct 26 14:33:33 CET 2015: starting to build kernel modules of SEP for Linux Kernel release not specified. Build kernel modules for current kernel version 3.10.0-229.14.1.el7.x86_64 Kernel source directory not specified. Use default /lib/modules/3.10.0-229.14.1.el7.x86_64/build make -C /lib/modules/3.10.0-229.14.1.el7.x86_64/build M=/tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev MODVERDIR=/tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/.tmp_versions-custom-3.10.0-229.14.1.el7-x86_64 modules make[1]: Entering directory `/usr/src/kernels/3.10.0-229.14.1.el7.x86_64' CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.o /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.c: In function âsym_filename_strâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.c:173:53: warning: return discards âconstâ qualifier from pointer target type [enabled by default] static char* sym_filename_str(sym_filename_t* fn) { return fn==NULL? NULL: fn->name; } ^ /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.c: In function âsymev_read_proc_symevâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.c:609:9: warning: format â%dâ expects argument of type âintâ, but argument 9 has type âlong unsigned intâ [-Wformat=] ctrsnap.namerr, ctrsnap.nomem, ctrsnap.r_denied); ^ CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/syscalls.o /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/syscalls.c: In function âget_ia32_from_interrupt_tableâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/syscalls.c:124:20: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] ia32_sct = (void **)*(unsigned *)(p+3); ^ CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/fileops.o CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/hnfs.o CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/utils.o CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/sym_procfs.o /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/sym_procfs.c: In function âsym_procfs_fopreadâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/sym_procfs.c:112:1: warning: the frame size of 4112 bytes is larger than 2048 bytes [-Wframe-larger-than=] } ^ CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symevrm.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev_custom_3_10_0_229_14_1_el7_x86_64.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symevrm_custom_3_10_0_229_14_1_el7_x86_64.o Building modules, stage 2. MODPOST 2 modules CC /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev_custom_3_10_0_229_14_1_el7_x86_64.mod.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev_custom_3_10_0_229_14_1_el7_x86_64.ko CC /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symevrm_custom_3_10_0_229_14_1_el7_x86_64.mod.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symevrm_custom_3_10_0_229_14_1_el7_x86_64.ko make[1]: Leaving directory `/usr/src/kernels/3.10.0-229.14.1.el7.x86_64' cp symev_custom_3_10_0_229_14_1_el7_x86_64.ko /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/bin.ira/symev-custom-3.10.0-229.14.1.el7-x86_64.ko cp symevrm_custom_3_10_0_229_14_1_el7_x86_64.ko /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/bin.ira/.symevrm-custom-3.10.0-229.14.1.el7-x86_64.ko cp /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/Module.symvers Module.symvers-custom-3.10.0-229.14.1.el7-x86_64 rm -rf Module.symvers cp ../symev/Module.symvers-custom-3.10.0-229.14.1.el7-x86_64 Module.symvers make -C /lib/modules/3.10.0-229.14.1.el7.x86_64/build M=/tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap MODVERDIR=/tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/.tmp_versions-custom-3.10.0-229.14.1.el7-x86_64 modules make[1]: Entering directory `/usr/src/kernels/3.10.0-229.14.1.el7.x86_64' CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/linuxmod.o CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/../symev/sym_procfs.o /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/../symev/sym_procfs.c: In function âsym_procfs_fopreadâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/../symev/sym_procfs.c:112:1: warning: the frame size of 4112 bytes is larger than 2048 bytes [-Wframe-larger-than=] } ^ LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/symap_custom_3_10_0_229_14_1_el7_x86_64.o Building modules, stage 2. MODPOST 1 modules CC /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/symap_custom_3_10_0_229_14_1_el7_x86_64.mod.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/symap_custom_3_10_0_229_14_1_el7_x86_64.ko make[1]: Leaving directory `/usr/src/kernels/3.10.0-229.14.1.el7.x86_64' cp symap_custom_3_10_0_229_14_1_el7_x86_64.ko /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/bin.ira/symap-custom-3.10.0-229.14.1.el7-x86_64.ko Mon Oct 26 14:33:43 CET 2015: Build succeeded succeed to make link /lib/modules/3.10.0-229.14.1.el7.x86_64/kernel/drivers/char/symev_custom_3_10_0_229_14_1_el7_x86_64.ko succeed to make link /lib/modules/3.10.0-229.14.1.el7.x86_64/kernel/drivers/char/symap_custom_3_10_0_229_14_1_el7_x86_64.ko Mon Oct 26 16:27:58 CET 2015: starting to build kernel modules of SEP for Linux Kernel release not specified. Build kernel modules for current kernel version 3.10.0-229.14.1.el7.x86_64 Kernel source directory not specified. Use default /lib/modules/3.10.0-229.14.1.el7.x86_64/build make -C /lib/modules/3.10.0-229.14.1.el7.x86_64/build M=/tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev MODVERDIR=/tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/.tmp_versions-custom-3.10.0-229.14.1.el7-x86_64 modules make[1]: Entering directory `/usr/src/kernels/3.10.0-229.14.1.el7.x86_64' CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.o /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.c: In function âsym_filename_strâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.c:173:53: warning: return discards âconstâ qualifier from pointer target type [enabled by default] static char* sym_filename_str(sym_filename_t* fn) { return fn==NULL? NULL: fn->name; } ^ /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.c: In function âsymev_read_proc_symevâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev.c:609:9: warning: format â%dâ expects argument of type âintâ, but argument 9 has type âlong unsigned intâ [-Wformat=] ctrsnap.namerr, ctrsnap.nomem, ctrsnap.r_denied); ^ CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/syscalls.o /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/syscalls.c: In function âget_ia32_from_interrupt_tableâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/syscalls.c:124:20: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] ia32_sct = (void **)*(unsigned *)(p+3); ^ CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/fileops.o CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/hnfs.o CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/utils.o CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/sym_procfs.o /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/sym_procfs.c: In function âsym_procfs_fopreadâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/sym_procfs.c:112:1: warning: the frame size of 4112 bytes is larger than 2048 bytes [-Wframe-larger-than=] } ^ CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symevrm.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev_custom_3_10_0_229_14_1_el7_x86_64.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symevrm_custom_3_10_0_229_14_1_el7_x86_64.o Building modules, stage 2. MODPOST 2 modules CC /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev_custom_3_10_0_229_14_1_el7_x86_64.mod.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symev_custom_3_10_0_229_14_1_el7_x86_64.ko CC /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symevrm_custom_3_10_0_229_14_1_el7_x86_64.mod.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/symevrm_custom_3_10_0_229_14_1_el7_x86_64.ko make[1]: Leaving directory `/usr/src/kernels/3.10.0-229.14.1.el7.x86_64' cp symev_custom_3_10_0_229_14_1_el7_x86_64.ko /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/bin.ira/symev-custom-3.10.0-229.14.1.el7-x86_64.ko cp symevrm_custom_3_10_0_229_14_1_el7_x86_64.ko /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/bin.ira/.symevrm-custom-3.10.0-229.14.1.el7-x86_64.ko cp /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symev/Module.symvers Module.symvers-custom-3.10.0-229.14.1.el7-x86_64 rm -rf Module.symvers cp ../symev/Module.symvers-custom-3.10.0-229.14.1.el7-x86_64 Module.symvers make -C /lib/modules/3.10.0-229.14.1.el7.x86_64/build M=/tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap MODVERDIR=/tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/.tmp_versions-custom-3.10.0-229.14.1.el7-x86_64 modules make[1]: Entering directory `/usr/src/kernels/3.10.0-229.14.1.el7.x86_64' CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/linuxmod.o CC [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/../symev/sym_procfs.o /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/../symev/sym_procfs.c: In function âsym_procfs_fopreadâ: /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/../symev/sym_procfs.c:112:1: warning: the frame size of 4112 bytes is larger than 2048 bytes [-Wframe-larger-than=] } ^ LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/symap_custom_3_10_0_229_14_1_el7_x86_64.o Building modules, stage 2. MODPOST 1 modules CC /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/symap_custom_3_10_0_229_14_1_el7_x86_64.mod.o LD [M] /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/symap/symap_custom_3_10_0_229_14_1_el7_x86_64.ko make[1]: Leaving directory `/usr/src/kernels/3.10.0-229.14.1.el7.x86_64' cp symap_custom_3_10_0_229_14_1_el7_x86_64.ko /tmp/sep-rpm/src/ap-kernelmodule-12.1.6168-6000/bin.ira/symap-custom-3.10.0-229.14.1.el7-x86_64.ko Mon Oct 26 16:28:08 CET 2015: Build succeeded succeed to make link /lib/modules/3.10.0-229.14.1.el7.x86_64/kernel/drivers/char/symev_custom_3_10_0_229_14_1_el7_x86_64.ko succeed to make link /lib/modules/3.10.0-229.14.1.el7.x86_64/kernel/drivers/char/symap_custom_3_10_0_229_14_1_el7_x86_64.ko Content of /root/sepfl-install.log ================================== Mon Oct 26 16:27:40 CET 2015: Starting to install Symantec Endpoint Protection for Linux FromProduct= ToProduct=12.1.6168.6000 Mon Oct 26 16:27:43 CET 2015: Performing pre-check... /etc/Symantec.conf exists, need to check JAVA_HOME in it firstly. found /usr/java/jre1.8.0_60/bin in /etc/Symantec.conf, check it. found java /usr/java/jre1.8.0_60/bin/java Mon Oct 26 16:27:43 CET 2015: Pre-check succeeded Mon Oct 26 16:27:45 CET 2015: Begin installing virus protection component Mon Oct 26 16:27:45 CET 2015: Performing pre-check... Found /root/SepPrecheck.cfg, no need to perform pre-check Mon Oct 26 16:27:45 CET 2015: Pre-check is successful Mon Oct 26 16:27:46 CET 2015: Virus protection component installed successfully Mon Oct 26 16:27:46 CET 2015: Begin installing Auto-Protect component Mon Oct 26 16:27:47 CET 2015: Performing pre-check... Found /root/SepPrecheck.cfg, no need to perform pre-check Mon Oct 26 16:27:47 CET 2015: Pre-check is successful Mon Oct 26 16:27:47 CET 2015: Auto-Protect component installed successfully Mon Oct 26 16:27:47 CET 2015: Begin installing GUI component Mon Oct 26 16:27:48 CET 2015: Performing pre-check... Found /root/SepPrecheck.cfg, no need to perform pre-check Mon Oct 26 16:27:48 CET 2015: Pre-check is successful Mon Oct 26 16:27:48 CET 2015: GUI component installed successfully Mon Oct 26 16:27:48 CET 2015: Begin installing LiveUpdate component Mon Oct 26 16:27:48 CET 2015: Performing pre-check... Found /root/SepPrecheck.cfg, no need to perform pre-check Mon Oct 26 16:27:48 CET 2015: Pre-check is successful Mon Oct 26 16:27:56 CET 2015: LiveUpdate component installed successfully 12.1.6168.6000 is newer than , need to copy setup.ini & setAid.ini Succeed to copy /tmp/sep-rpm/./Configuration/setup.ini to /etc/symantec/setup.ini Succeed to copy /tmp/sep-rpm/./Configuration/setAid.ini to /etc/symantec/setAid.ini '/etc/symantec/sylink.xml' doesn't exist, need copy it Succeed to copy '/tmp/sep-rpm/./Configuration/sylink.xml' to '/etc/symantec/sylink.xml'. Succeed to copy /tmp/sep-rpm/./Configuration/sep_NE.slf to /etc/symantec/sep.slf Starting autoprotect (via systemctl): Job for autoprotect.service failed. See 'systemctl status autoprotect.service' and 'journalctl -xn' for details. [FAILED] check whether need to install legacy package. driver is not loaded yet, need legacy kernel package Mon Oct 26 16:27:57 CET 2015: Begin installing legacy Auto-Protect component Mon Oct 26 16:27:57 CET 2015: Performing pre-check... Found /root/SepPrecheck.cfg, no need to perform pre-check Mon Oct 26 16:27:57 CET 2015: Pre-check is successful Mon Oct 26 16:27:58 CET 2015: Legacy Auto-Protect component installed successfully try to start autoprotect again Starting autoprotect (via systemctl): Job for autoprotect.service failed. See 'systemctl status autoprotect.service' and 'journalctl -xn' for details. [FAILED] the current kernel 3.10.0-229.14.1.el7.x86_64 is not supported yet Mon Oct 26 16:27:58 CET 2015: Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code ap-kernelmodule-12.1.6168-6000/ ap-kernelmodule-12.1.6168-6000/build.sh ap-kernelmodule-12.1.6168-6000/include/ ap-kernelmodule-12.1.6168-6000/include/symprocfs.h ap-kernelmodule-12.1.6168-6000/include/symkutil.h ap-kernelmodule-12.1.6168-6000/include/vpregistry.h ap-kernelmodule-12.1.6168-6000/include/commonids.h ap-kernelmodule-12.1.6168-6000/include/symap_cfg.h ap-kernelmodule-12.1.6168-6000/include/symap-core.h ap-kernelmodule-12.1.6168-6000/include/symevl.h ap-kernelmodule-12.1.6168-6000/include/symtypes.h ap-kernelmodule-12.1.6168-6000/bin.ida/ ap-kernelmodule-12.1.6168-6000/lib.ira/ ap-kernelmodule-12.1.6168-6000/lib.ira/symap-core-x86_64.o ap-kernelmodule-12.1.6168-6000/lib.ira/symap-core.o ap-kernelmodule-12.1.6168-6000/symap/ ap-kernelmodule-12.1.6168-6000/symap/Makefile ap-kernelmodule-12.1.6168-6000/symap/linuxmod.c ap-kernelmodule-12.1.6168-6000/COPYING ap-kernelmodule-12.1.6168-6000/VERSION ap-kernelmodule-12.1.6168-6000/README ap-kernelmodule-12.1.6168-6000/bin.ira/ ap-kernelmodule-12.1.6168-6000/kernelsource/ ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/ ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/fs/ ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/fs/nfsd/ ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/fs/nfsd/xdr4.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/fs/nfsd/nfsfh.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/fs/nfsd/nfsd.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/fs/nfsd/cache.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/fs/nfsd/state.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/fs/nfsd/xdr3.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux2.6.33/fs/nfsd/xdr.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/ ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/ ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/ ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/xdr4.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/nfsfh.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/nfsd.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/_nfsfh.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/cache.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/state.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/vfs.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/xdr3.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/_stats.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/xdr.h ap-kernelmodule-12.1.6168-6000/kernelsource/linux3.10.0/fs/nfsd/_export.h ap-kernelmodule-12.1.6168-6000/lib.ida/ ap-kernelmodule-12.1.6168-6000/symev/ ap-kernelmodule-12.1.6168-6000/symev/syscalls.c ap-kernelmodule-12.1.6168-6000/symev/hnfs.h ap-kernelmodule-12.1.6168-6000/symev/symev.c ap-kernelmodule-12.1.6168-6000/symev/symev.h ap-kernelmodule-12.1.6168-6000/symev/symevrm.c ap-kernelmodule-12.1.6168-6000/symev/fileops.h ap-kernelmodule-12.1.6168-6000/symev/Makefile ap-kernelmodule-12.1.6168-6000/symev/utils.c ap-kernelmodule-12.1.6168-6000/symev/fileops.c ap-kernelmodule-12.1.6168-6000/symev/hnfs.c ap-kernelmodule-12.1.6168-6000/symev/sym_procfs.c ap-kernelmodule-12.1.6168-6000/sym.ira/ Mon Oct 26 16:28:19 CET 2015: Build Auto-Protect kernel modules from source code successfully Starting symcfgd (via systemctl): [ OK ] symcfgd is started successfully. Starting rtvscand (via systemctl): [ OK ] rtvscand is started successfully. Succeed to enable ap AP status: Malfunctioning Starting smcd (via systemctl): [ OK ] smcd is started successfully. /opt/Symantec/autoprotect /tmp/sep-rpm succeed to make link /lib/modules/3.10.0-229.14.1.el7.x86_64/kernel/drivers/char/symev_custom_3_10_0_229_14_1_el7_x86_64.ko succeed to make link /lib/modules/3.10.0-229.14.1.el7.x86_64/kernel/drivers/char/symap_custom_3_10_0_229_14_1_el7_x86_64.ko /tmp/sep-rpm Mon Oct 26 16:28:21 CET 2015: Installation completed Mon Oct 26 16:28:21 CET 2015: ============================================================= Mon Oct 26 16:28:21 CET 2015: Daemon status: Mon Oct 26 16:28:21 CET 2015: symcfgd [running] Mon Oct 26 16:28:21 CET 2015: rtvscand [running] Mon Oct 26 16:28:21 CET 2015: smcd [running] Mon Oct 26 16:28:21 CET 2015: ============================================================= Mon Oct 26 16:28:21 CET 2015: Drivers loaded: Mon Oct 26 16:28:21 CET 2015: symap_custom_3_10_0_229_14_1_el7_x86_64 symev_custom_3_10_0_229_14_1_el7_x86_64 Mon Oct 26 16:28:21 CET 2015: ============================================================= Mon Oct 26 16:28:22 CET 2015: Auto-Protect starting AP status: Malfunctioning in 1 time. Mon Oct 26 16:28:23 CET 2015: Protection status: Mon Oct 26 16:28:23 CET 2015: Definition: Waiting for update. Mon Oct 26 16:28:23 CET 2015: AP: Malfunctioning Mon Oct 26 16:28:23 CET 2015: ============================================================= Mon Oct 26 16:28:23 CET 2015: The log files for installation of Symantec Endpoint Protection for Linux are under ~/: Mon Oct 26 16:28:23 CET 2015: sepfl-install.log Mon Oct 26 16:28:23 CET 2015: sep-install.log Mon Oct 26 16:28:23 CET 2015: sepap-install.log Mon Oct 26 16:28:23 CET 2015: sepap-legacy-install.log Mon Oct 26 16:28:23 CET 2015: sepui-install.log Mon Oct 26 16:28:23 CET 2015: sepjlu-install.log Mon Oct 26 16:28:23 CET 2015: sepfl-kbuild.log ======================================================================================================================================================== Result of: systemctl status rtvscand ===================================== rtvscand.service - LSB: Symantec AntiVirus Scanner Loaded: loaded (/etc/rc.d/init.d/rtvscand) Active: active (running) since Mon 2015-10-26 16:37:00 CET; 43min ago Process: 1839 ExecStart=/etc/rc.d/init.d/rtvscand start (code=exited, status=0/SUCCESS) CGroup: /system.slice/rtvscand.service ââ1918 /opt/Symantec/symantec_antivirus/rtvscand -l info Oct 26 16:52:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Oct 26 16:55:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Oct 26 16:58:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Oct 26 17:01:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Oct 26 17:04:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Oct 26 17:07:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Oct 26 17:10:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Oct 26 17:13:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Oct 26 17:16:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Oct 26 17:19:06 sgme-host rtvscand[1918]: CDefUtils::GetNewestDefs(): Missing DEFINFO.DAT. Result of: systemctl status smcd ================================= smcd.service - LSB: Symantec AntiVirus Scanner Loaded: loaded (/etc/rc.d/init.d/smcd) Active: active (running) since Mon 2015-10-26 16:37:00 CET; 43min ago Process: 1840 ExecStart=/etc/rc.d/init.d/smcd start (code=exited, status=0/SUCCESS) CGroup: /system.slice/smcd.service ââ1973 /opt/Symantec/symantec_antivirus/smcd -l info ââ2748 /opt/Symantec/symantec_antivirus/sav liveupdate --update ââ2750 navdefutil --mdefs Avenge MicroDefs25 SavCorp10 Linux ââ2751 /usr/java/jre1.8.0_60/bin/java LiveUpdate [ -p Avenge MicroDefs25 SavCorp10 Linux -v MicroDefsB.Error -l SymAllLanguages -t HubDefs -z 0 ] [ -p Avenge MicroDefs25 SavCorp10 Linux -v M... Oct 26 16:37:00 sgme-host systemd[1]: Starting LSB: Symantec AntiVirus Scanner... Oct 26 16:37:00 sgme-host smcd[1973]: --- smcd started (pid 1973) --- Oct 26 16:37:00 sgme-host smcd[1973]: smcd running as daemon Oct 26 16:37:00 sgme-host smcd[1840]: [28B blob data] Oct 26 16:37:00 sgme-host systemd[1]: Started LSB: Symantec AntiVirus Scanner. Oct 26 16:50:05 sgme-host smcd[1973]: failed to run liveupdate. Oct 26 17:01:57 sgme-host smcd[1973]: failed to run liveupdate. Oct 26 17:14:56 sgme-host smcd[1973]: failed to run liveupdate. Result of: systemctl status symcfgd ==================================== symcfgd.service - LSB: Symantec AntiVirus Configuration Server Loaded: loaded (/etc/rc.d/init.d/symcfgd) Active: active (running) since Mon 2015-10-26 16:37:00 CET; 43min ago Process: 812 ExecStart=/etc/rc.d/init.d/symcfgd start (code=exited, status=0/SUCCESS) CGroup: /system.slice/symcfgd.service ââ907 /opt/Symantec/symantec_antivirus/symcfgd -l info Oct 26 16:37:00 sgme-host symcfgd[812]: [31B blob data] Oct 26 16:37:00 sgme-host systemd[1]: Started LSB: Symantec AntiVirus Configuration Server. Oct 26 16:49:20 sgme-host symcfgd[907]: subscriber 5 has left -- closed 0 remaining handles Oct 26 16:50:05 sgme-host symcfgd[907]: subscriber 4 has left -- closed 0 remaining handles Oct 26 17:01:57 sgme-host symcfgd[907]: subscriber 6 has left -- closed 0 remaining handles Oct 26 17:12:05 sgme-host symcfgd[907]: subscriber 8 has left -- closed 0 remaining handles Oct 26 17:12:12 sgme-host symcfgd[907]: subscriber 9 has left -- closed 0 remaining handles Oct 26 17:12:15 sgme-host symcfgd[907]: subscriber 10 has left -- closed 0 remaining handles Oct 26 17:12:20 sgme-host symcfgd[907]: subscriber 11 has left -- closed 0 remaining handles Oct 26 17:14:56 sgme-host symcfgd[907]: subscriber 7 has left -- closed 0 remaining handles