Endpoint Protection


Install SEP on RHEL problems

  • 1.  Install SEP on RHEL problems

    Posted Apr 04, 2018 10:49 AM

    Hi Team,

    I have some problems with installing the SEP on RHEL server. Just some background: SEP 14.0.2415.0200 (installation using RPM package), RHEL Linux 3.10.0-693.17.1.el7.x86_64 (kernel is supported https://support.symantec.com/en_US/article.INFO3983.html)

    I think the initial LiveUpdate runs from the public internet, so it will not work (I have isolated infra), but traffic to our SEP server on port 8014 is up. After the installation, the agent registers in SEPM in the correct container.

    The biggest problem, I think, is with the autoprotect.service, which failed during installation:

    [root@X Symantec]# ls -la
    total 22712
    drwxr-xr-x  5 root root     4096 Apr  4 15:50 .
    dr-xr-x---. 5 root root     4096 Apr  4 15:47 ..
    drwxr-xr-x  2 root root     4096 May 24  2017 Configuration
    -rwxr--r--  1 root root    53326 May 24  2017 install.sh
    -rw-r--r--  1 root root      218 May 24  2017 pkg.sig
    drwxr-xr-x  2 root root     4096 May 24  2017 Repository
    drwxr-xr-x  2 root root     4096 May 24  2017 src
    -rw-------  1 root root 23174913 Apr  4 15:50 SymantecEndpointProtection.zip
    
    [root@X Symantec]# ./install.sh -i
    Starting to install Symantec Endpoint Protection for Linux
    Performing pre-check...
    Pre-check succeeded
    Begin installing virus protection component
    Preparing...                          ################################# [100%]
    Performing pre-check...
    Pre-check is successful
    Updating / installing...
       1:sav-14.0.2415-0200               ################################# [100%]
    Virus protection component installed successfully
    Begin installing Auto-Protect component
    Preparing...                          ################################# [100%]
    Performing pre-check...
    Pre-check is successful
    Updating / installing...
       1:savap-x64-14.0.2415-0200         ################################# [100%]
    Auto-Protect component installed successfully
    Begin installing GUI component
    Preparing...                          ################################# [100%]
    Performing pre-check...
    Pre-check is successful
    Updating / installing...
       1:savui-14.0.2415-0200             ################################# [100%]
    GUI component installed successfully
    Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code
    Build Auto-Protect kernel modules from source code failed with error: 1
    Running LiveUpdate to get the latest defintions...
    sep::lux::Cseplux: Failed to run session, error code: 0x80010830
    Live update session failed. Please enable debug logging for more information
    Unable to perform update
    Installation completed
    =============================================================
    Daemon status:
    symcfgd                         [running]
    rtvscand                        [running]
    smcd                            [running]
    =============================================================
    Error: No drivers are loaded into kernel.
    =============================================================
    Auto-Protect starting
    Protection status:
    Definition:     Waiting for update.
    AP:             Malfunctioning
    =============================================================
    The log files for installation of Symantec Endpoint Protection for Linux are under ~/:
    sepfl-install.log
    sep-install.log
    sepap-install.log
    sepui-install.log
    sepfl-kbuild.log

    I am also attaching the logs

    cat sepfl-install.log
    Wed Apr  4 15:53:32 CEST 2018: Starting to install Symantec Endpoint Protection for Linux
    FromProduct=
    ToProduct=14.0.2415.0200
    Wed Apr  4 15:53:33 CEST 2018: Performing pre-check...
    Wed Apr  4 15:53:34 CEST 2018: Pre-check succeeded
    14.0.2415.0200 is newer than , need to copy setup.ini & setAid.ini
    Succeed to copy /root/Symantec/./Configuration/setup.ini to /etc/symantec/sep/setup.ini
    Succeed to copy /root/Symantec/./Configuration/setAid.ini to /etc/symantec/sep/setAid.ini
    Sylink.xml doesn't exist, need copy it
    Succeed to copy '/root/Symantec/./Configuration/sylink.xml' to '/etc/symantec/sep/sylink.xml'.
    Succeed to copy /root/Symantec/./Configuration/sepfl.pem to /etc/symantec/sep/sepfl.pem
    Succeed to copy /root/Symantec/./Configuration/serdef.dat to /var/symantec/sep/serdef.dat
    Sep License doesn't exist, need copy it
    Succeed to copy /root/Symantec/./Configuration/sep.slf to /etc/symantec/sep/sep.slf
    Wed Apr  4 15:53:35 CEST 2018: Begin installing virus protection component
    Wed Apr  4 15:53:35 CEST 2018: Performing pre-check...
    Found /root/SepPrecheck.cfg, no need to perform pre-check
    Wed Apr  4 15:53:35 CEST 2018: Pre-check is successful
    Wed Apr  4 15:53:37 CEST 2018: Virus protection component installed successfully
    Wed Apr  4 15:53:37 CEST 2018: Begin installing Auto-Protect component
    Wed Apr  4 15:53:37 CEST 2018: Performing pre-check...
    Found /root/SepPrecheck.cfg, no need to perform pre-check
    Wed Apr  4 15:53:37 CEST 2018: Pre-check is successful
    Wed Apr  4 15:53:38 CEST 2018: Auto-Protect component installed successfully
    Wed Apr  4 15:53:38 CEST 2018: Begin installing GUI component
    Wed Apr  4 15:53:38 CEST 2018: Performing pre-check...
    Found /root/SepPrecheck.cfg, no need to perform pre-check
    Wed Apr  4 15:53:38 CEST 2018: Pre-check is successful
    Wed Apr  4 15:53:38 CEST 2018: GUI component installed successfully
    chcon: can't apply partial context to unlabeled file ‘upgrade.sh’
    chcon: can't apply partial context to unlabeled file ‘libstdc++.so.6’
    chcon: can't apply partial context to unlabeled file ‘libgcc_s.so.1’
    chcon: can't apply partial context to unlabeled file ‘liblog4cpp.so.4’
    chcon: can't apply partial context to unlabeled file ‘tools’
    chcon: can't apply partial context to unlabeled file ‘sav’
    chcon: can't apply partial context to unlabeled file ‘AVMan.plg’
    chcon: can't apply partial context to unlabeled file ‘LuMan.plg’
    chcon: can't apply partial context to unlabeled file ‘plugins’
    chcon: can't apply partial context to unlabeled file ‘libsep-cve.so’
    chcon: can't apply partial context to unlabeled file ‘sadiag.sh’
    chcon: can't apply partial context to unlabeled file ‘libluxSEPCallback.so’
    chcon: can't apply partial context to unlabeled file ‘libSlicMan.so’
    chcon: can't apply partial context to unlabeled file ‘xsymcfg’
    chcon: can't apply partial context to unlabeled file ‘unsupported’
    chcon: can't apply partial context to unlabeled file ‘libcx_lib.so’
    chcon: can't apply partial context to unlabeled file ‘savluwrap’
    chcon: can't apply partial context to unlabeled file ‘libsepcommon.so’
    chcon: can't apply partial context to unlabeled file ‘libsep-util.so.1’
    chcon: can't apply partial context to unlabeled file ‘liblux.so’
    chcon: can't apply partial context to unlabeled file ‘rtvscand’
    chcon: can't apply partial context to unlabeled file ‘libSyLog.so.1’
    chcon: can't apply partial context to unlabeled file ‘libpatchapp.so’
    chcon: can't apply partial context to unlabeled file ‘libduluxcallback.so’
    chcon: can't apply partial context to unlabeled file ‘uninstall.sh’
    chcon: can't apply partial context to unlabeled file ‘libLuxCustomerLogger.so’
    chcon: can't apply partial context to unlabeled file ‘libecomlodrlin.so’
    chcon: can't apply partial context to unlabeled file ‘savtray’
    chcon: can't apply partial context to unlabeled file ‘libSlicMan.so.1’
    chcon: can't apply partial context to unlabeled file ‘symcfgpop’
    chcon: can't apply partial context to unlabeled file ‘libsep-util.so’
    chcon: can't apply partial context to unlabeled file ‘libSyLog.so’
    chcon: can't apply partial context to unlabeled file ‘symcfgdata.inf’
    chcon: can't apply partial context to unlabeled file ‘smcd’
    chcon: can't apply partial context to unlabeled file ‘libsepcommon.so.1’
    chcon: can't apply partial context to unlabeled file ‘symcfgd’
    chcon: can't apply partial context to unlabeled file ‘Symantec_2005_Root_CA2.cer’
    chcon: can't apply partial context to unlabeled file ‘libSymDltCl.so’
    chcon: can't apply partial context to unlabeled file ‘libluxSEPCallback.so.1’
    chcon: can't apply partial context to unlabeled file ‘libsep-cve.so.1’
    chcon: can't apply partial context to unlabeled file ‘symcfg’
    chcon: can't apply partial context to unlabeled file ‘/opt/Symantec/symantec_antivirus’
    Starting autoprotect (via systemctl):  Job for autoprotect.service failed because the control process exited with error code. See "systemctl status autoprotect.service" and "journalctl -xe" for details.
    [FAILED]
    Wed Apr  4 15:53:39 CEST 2018: Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code
    ap-kernelmodule-14.0.2415-0200/
    ap-kernelmodule-14.0.2415-0200/kernelsource/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/vfs.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/cache.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/xdr3.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/_export.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/_nfsfh.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/nfsd.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/_stats.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/xdr.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/xdr4.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/state.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/nfsfh.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/vfs.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/cache.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/xdr3.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/nfsd.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/xdr.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/stats.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/xdr4.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/state.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/nfsfh.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/export.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/cache.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/xdr3.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/nfsd.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/xdr.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/xdr4.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/state.h
    ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/nfsfh.h
    ap-kernelmodule-14.0.2415-0200/include/
    ap-kernelmodule-14.0.2415-0200/include/symprocfs.h
    ap-kernelmodule-14.0.2415-0200/include/symevl.h
    ap-kernelmodule-14.0.2415-0200/include/symap_cfg.h
    ap-kernelmodule-14.0.2415-0200/include/symkutil.h
    ap-kernelmodule-14.0.2415-0200/include/symap-core.h
    ap-kernelmodule-14.0.2415-0200/include/symtypes.h
    ap-kernelmodule-14.0.2415-0200/include/vpregistry.h
    ap-kernelmodule-14.0.2415-0200/include/commonids.h
    ap-kernelmodule-14.0.2415-0200/include/distribution.h
    ap-kernelmodule-14.0.2415-0200/symap/
    ap-kernelmodule-14.0.2415-0200/symap/linuxmod.c
    ap-kernelmodule-14.0.2415-0200/symap/Makefile
    ap-kernelmodule-14.0.2415-0200/COPYING
    ap-kernelmodule-14.0.2415-0200/bin.ida/
    ap-kernelmodule-14.0.2415-0200/README
    ap-kernelmodule-14.0.2415-0200/lib.ida/
    ap-kernelmodule-14.0.2415-0200/symev/
    ap-kernelmodule-14.0.2415-0200/symev/utils.c
    ap-kernelmodule-14.0.2415-0200/symev/fileops.c
    ap-kernelmodule-14.0.2415-0200/symev/hnfs.c
    ap-kernelmodule-14.0.2415-0200/symev/Makefile
    ap-kernelmodule-14.0.2415-0200/symev/syscalls.c
    ap-kernelmodule-14.0.2415-0200/symev/fileops.h
    ap-kernelmodule-14.0.2415-0200/symev/sym_stub_execve.S
    ap-kernelmodule-14.0.2415-0200/symev/symev.h
    ap-kernelmodule-14.0.2415-0200/symev/symevrm.c
    ap-kernelmodule-14.0.2415-0200/symev/symev.c
    ap-kernelmodule-14.0.2415-0200/symev/hnfs.h
    ap-kernelmodule-14.0.2415-0200/symev/sym_procfs.c
    ap-kernelmodule-14.0.2415-0200/bin.ira/
    ap-kernelmodule-14.0.2415-0200/VERSION
    ap-kernelmodule-14.0.2415-0200/sym.ira/
    ap-kernelmodule-14.0.2415-0200/build.sh
    ap-kernelmodule-14.0.2415-0200/lib.ira/
    ap-kernelmodule-14.0.2415-0200/lib.ira/symap-core-x86_64.o
    ap-kernelmodule-14.0.2415-0200/lib.ira/symap-core.o
    Wed Apr  4 15:53:39 CEST 2018: Build Auto-Protect kernel modules from source code failed with error: 1
    Starting symcfgd (via systemctl):  [  OK  ]
    symcfgd is started successfully.
    Starting rtvscand (via systemctl):  [  OK  ]
    rtvscand is started successfully.
    Succeed to enable ap
    AP status: Malfunctioning
    Starting smcd (via systemctl):  [  OK  ]
    smcd is started successfully.
    kernel drivers are not loaded.
    Wed Apr  4 15:57:59 CEST 2018: Installation completed
    Wed Apr  4 15:57:59 CEST 2018: =============================================================
    Wed Apr  4 15:57:59 CEST 2018: Daemon status:
    Wed Apr  4 15:57:59 CEST 2018: symcfgd                          [running]
    Wed Apr  4 15:57:59 CEST 2018: rtvscand                 [running]
    Wed Apr  4 15:57:59 CEST 2018: smcd                             [running]
    Wed Apr  4 15:57:59 CEST 2018: =============================================================
    Wed Apr  4 15:57:59 CEST 2018: Error: No drivers are loaded into kernel.
    Wed Apr  4 15:57:59 CEST 2018: =============================================================
    Wed Apr  4 15:57:59 CEST 2018: Auto-Protect starting
    AP status: Malfunctioning in 1 time.
    Wed Apr  4 15:58:00 CEST 2018: Protection status:
    Wed Apr  4 15:58:00 CEST 2018: Definition:      Waiting for update.
    Wed Apr  4 15:58:00 CEST 2018: AP:              Malfunctioning
    Wed Apr  4 15:58:00 CEST 2018: =============================================================
    Wed Apr  4 15:58:00 CEST 2018: The log files for installation of Symantec Endpoint Protection for Linux are under ~/:
    Wed Apr  4 15:58:00 CEST 2018: sepfl-install.log
    Wed Apr  4 15:58:00 CEST 2018: sep-install.log
    Wed Apr  4 15:58:00 CEST 2018: sepap-install.log
    Wed Apr  4 15:58:00 CEST 2018: sepui-install.log
    Wed Apr  4 15:58:00 CEST 2018: sepfl-kbuild.log

     

    cat sep-install.log
    ======================================================
    Pre-install begin: Wed Apr  4 15:53:35 CEST 2018
    Creating /etc/Symantec.conf file
    Performing first install pre-install actions
    
    Pre-install end: Wed Apr  4 15:53:35 CEST 2018
    Post-install begin: Wed Apr  4 15:53:36 CEST 2018
    Install and register the defs
    cannot find /root/Symantec/./Repository/linuxdefs.zip
    Performing new install post-install actions
    Adding OS CA Certificate store to reg
    symcfgd should not start at this time.
    rtvscand should not start at this time.
    smcd should not start at this time.
    Post-install end: Wed Apr  4 15:53:37 CEST 2018
    
    cat sepap-install.log
    ======================================================
    Pre-install begin: Wed Apr  4 15:53:37 CEST 2018
    Performing first install pre-install actions
    groupadd: group 'avdefs' already exists
    Pre-install end: Wed Apr  4 15:53:37 CEST 2018
    Post-install begin: Wed Apr  4 15:53:37 CEST 2018
    BaseDir=/opt/Symantec
    Performing new install post-install actions
    Starting autoprotect (via systemctl): Job for autoprotect.service failed because the control process exited with error code. See "systemctl status autoprotect.service" and "journalctl -xe" for details. [FAILED]
    symcfgd should not start at this time.
    rtvscand should not start at this time.
    smcd should not start at this time.
    Post-install end: Wed Apr  4 15:53:38 CEST 2018
    
    sepui-install.log
    ======================================================
    Pre-install begin: Wed Apr  4 15:53:38 CEST 2018
    Pre-install end: Wed Apr  4 15:53:38 CEST 2018
    Post-install begin: Wed Apr  4 15:53:38 CEST 2018
    BaseDir=/opt/Symantec
    savuiDir=/opt/Symantec
    Performing new install post-install actions
    savtray: cannot connect to X server
    Post-install end: Wed Apr  4 15:53:38 CEST 2018
    
    
    sepfl-kbuild.log
    Wed Apr  4 15:53:39 CEST 2018: starting to build kernel modules of SEP for Linux
    Kernel release not specified. Build kernel modules for current kernel version 3.10.0-693.17.1.el7.x86_64
     does not exist
    Wed Apr  4 15:53:39 CEST 2018: Build failed

     

     

     

     

    [root@X ~]# systemctl status symcfgd
    ● symcfgd.service - LSB: Symantec AntiVirus Configuration Server
       Loaded: loaded (/etc/rc.d/init.d/symcfgd; bad; vendor preset: disabled)
       Active: active (running) since Wed 2018-04-04 15:53:42 CEST; 51min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 4147 ExecStart=/etc/rc.d/init.d/symcfgd start (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/symcfgd.service
               └─4180 /opt/Symantec/symantec_antivirus/symcfgd -l info
    
    Apr 04 15:53:39 X symcfgd[4180]: --- symcfgd started (pid 4180) ---
    Apr 04 15:53:39 X symcfgd[4180]: symcfgd running as daemon
    Apr 04 15:53:39 X symcfgd[4180]: listening on local socket (abstract): sym_config_ipc
    Apr 04 15:53:42 X symcfgd[4147]: [31B blob data]
    Apr 04 15:53:42 X systemd[1]: Started LSB: Symantec AntiVirus Configuration Server.
    Apr 04 15:53:42 X symcfgd[4180]: subscriber 2 has left -- closed 0 remaining handles
    Apr 04 15:53:43 X symcfgd[4180]: subscriber 3 has left -- closed 0 remaining handles
    Apr 04 15:57:59 X symcfgd[4180]: subscriber 4 has left -- closed 0 remaining handles
    Apr 04 15:57:59 X symcfgd[4180]: subscriber 8 has left -- closed 0 remaining handles
    Apr 04 15:58:00 X symcfgd[4180]: subscriber 9 has left -- closed 0 remaining handles
    [root@X ~]# systemctl status rtvscand
    ● rtvscand.service - LSB: Symantec AntiVirus Scanner
       Loaded: loaded (/etc/rc.d/init.d/rtvscand; bad; vendor preset: disabled)
       Active: active (running) since Wed 2018-04-04 15:53:42 CEST; 51min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 4193 ExecStart=/etc/rc.d/init.d/rtvscand start (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/rtvscand.service
               └─4216 /opt/Symantec/symantec_antivirus/rtvscand -l info
    
    Apr 04 15:53:42 X systemd[1]: Starting LSB: Symantec AntiVirus Scanner...
    Apr 04 15:53:42 X rtvscand[4216]: --- rtvscand started (pid 4216) ---
    Apr 04 15:53:42 X rtvscand[4216]: rtvscand running as daemon
    Apr 04 15:53:42 X systemd[1]: Started LSB: Symantec AntiVirus Scanner.
    Apr 04 15:53:42 X rtvscand[4193]: [32B blob data]
    Apr 04 15:53:43 X rtvscand[4216]: Symantec AntiVirus services startup was successful.
    Apr 04 15:53:44 X rtvscand[4216]: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses unti...this computer.
    Apr 04 15:53:44 X rtvscand[4216]: Download of virus definition file from LiveUpdate server succeeded.
    Apr 04 15:53:47 X rtvscand[4216]: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses unti...this computer.
    Apr 04 15:53:47 X rtvscand[4216]: Download of virus definition file from LiveUpdate server succeeded.
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@X ~]# systemctl status smcd
    ● smcd.service - LSB: Symantec AntiVirus Scanner
       Loaded: loaded (/etc/rc.d/init.d/smcd; bad; vendor preset: disabled)
       Active: active (running) since Wed 2018-04-04 15:53:44 CEST; 51min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 4247 ExecStart=/etc/rc.d/init.d/smcd start (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/smcd.service
               └─4280 /opt/Symantec/symantec_antivirus/smcd -l info
    
    Apr 04 15:53:43 X systemd[1]: Starting LSB: Symantec AntiVirus Scanner...
    Apr 04 15:53:44 X smcd[4280]: --- smcd started (pid 4280) ---
    Apr 04 15:53:44 X smcd[4280]: smcd running as daemon
    Apr 04 15:53:44 X smcd[4247]: [28B blob data]
    Apr 04 15:53:44 X systemd[1]: Started LSB: Symantec AntiVirus Scanner.
    
    
    [root@x ~]# systemctl status autoprotect.service
    ● autoprotect.service - LSB: Symantec AutoProtect Modules
       Loaded: loaded (/etc/rc.d/init.d/autoprotect; bad; vendor preset: disabled)
       Active: failed (Result: exit-code) since Wed 2018-04-04 15:53:39 CEST; 53min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 3828 ExecStart=/etc/rc.d/init.d/autoprotect start (code=exited, status=1/FAILURE)
    
    Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-229.el7-x86_64.ko: Invalid parameters
    Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-123.el7-x86_64.ko: Invalid parameters
    Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-514.el7-x86_64.ko: Invalid parameters
    Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-229.el7-x86_64.ko: Invalid parameters
    Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-123.el7-x86_64.ko: Invalid parameters
    Apr 04 15:53:39 X autoprotect[3828]: symev: unable to load kernel support module (UNSUPPORTED-OS-rh-ES-7-3.10.0-693.17.1.el7-x86_64)
    Apr 04 15:53:39 X systemd[1]: autoprotect.service: control process exited, code=exited status=1
    Apr 04 15:53:39 X systemd[1]: Failed to start LSB: Symantec AutoProtect Modules.
    Apr 04 15:53:39 X systemd[1]: Unit autoprotect.service entered failed state.
    Apr 04 15:53:39 X systemd[1]: autoprotect.service failed.

     

     

     



  • 2.  RE: Install SEP on RHEL problems

    Posted Apr 04, 2018 10:58 AM

    This generally goes away once the definitions have been loaded. By default the SEPM does not provide content to Linux clients and needs to be configured as a reverse proxy first:

    http://www.symantec.com/docs/HOWTO85034

    You can also manually update the client:

    http://www.symantec.com/docs/TECH96754



  • 3.  RE: Install SEP on RHEL problems

    Broadcom Employee
    Posted Apr 04, 2018 11:05 AM

    Hi Mateusz,

    You're attempting to install SEP 14 MP2, but support for that distro was not added until SEP 14 RU1 (14.0.3752.1000).  Please test with at least 14 RU1, or ideally with the latest available build, 14 RU1MP2 (14.0.3929.1200).

    In the event using a newer build of the product doesn't help....

    Please try the manual compiling process described here, which will at the very least generate more verbose output about why auto-compiling the Auto-Protect module is failing:

    http://www.symantec.com/docs/TECH132773

    Once that is done, and with the assumption that the manual compiling process also failed, please gather a set of sadiag data (http://www.symantec.com/docs/HOWTO111042) and open a case with Support.  Thank you. 



  • 4.  RE: Install SEP on RHEL problems

    Posted Apr 04, 2018 11:16 AM

    Hi Brian, thanks for your reply. Setting up SEPM as a reverse proxy will resolve the problem with definitions, but there is still a problem with the Symantec AutoProtect Modules, which were not correctly installed due to some compile problems.



  • 5.  RE: Install SEP on RHEL problems

    Posted Apr 04, 2018 12:08 PM

    Hi Matt,

    We are upgrading SEPM tomorrow, so I will definitely give it a try and update the results in the forum.

     

    Thanks



  • 6.  RE: Install SEP on RHEL problems

    Posted Apr 05, 2018 11:31 AM

    Hi Matt, 

    It is still failing. Any suggestions will be appreciated. If not, I will try to open a case with Support.

    *The LiveUpdate failed during installation, but I can see it was trying to use liveupdate.symantecliveupdate.com; after a few minutes it downloaded the definitions from the proxy server (details found in /opt/Symantec/LiveUpdate/Logs/lux.log).

    [root@X Symantec]# ./install.sh -i
    Starting to install Symantec Endpoint Protection for Linux
    Performing pre-check...
    Pre-check succeeded
    Begin installing virus protection component
    Preparing...                          ################################# [100%]
    Performing pre-check...
    Pre-check is successful
    Updating / installing...
       1:sav-14.0.3897-1101               ################################# [100%]
    Virus protection component installed successfully
    Begin installing Auto-Protect component
    Preparing...                          ################################# [100%]
    Performing pre-check...
    Pre-check is successful
    Updating / installing...
       1:savap-x64-14.0.3897-1101         ################################# [100%]
    Auto-Protect component installed successfully
    Begin installing GUI component
    Preparing...                          ################################# [100%]
    Performing pre-check...
    Pre-check is successful
    Updating / installing...
       1:savui-14.0.3897-1101             ################################# [100%]
    GUI component installed successfully
    Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code
    Build Auto-Protect kernel modules from source code failed with error: 1
    Running LiveUpdate to get the latest defintions...
    sep::lux::Cseplux: Failed to run session, error code: 0x80010830
    Live update session failed. Please enable debug logging for more information
    Unable to perform update
    Installation completed
    =============================================================
    Daemon status:
    symcfgd                         [running]
    rtvscand                        [running]
    smcd                            [running]
    =============================================================
    Error: No drivers are loaded into kernel.
    =============================================================
    Auto-Protect starting
    Protection status:
    Definition:     Waiting for update.
    AP:             Malfunctioning
    =============================================================
    The log files for installation of Symantec Endpoint Protection for Linux are under ~/:
    sepfl-install.log
    sep-install.log
    sepap-install.log
    sepui-install.log
    sepfl-kbuild.log


  • 7.  RE: Install SEP on RHEL problems

    Broadcom Employee
    Posted Apr 05, 2018 04:36 PM

    Hi Mateusz,

    I'd suggest you please attempt the manual AP module compiling process, then if that fails (which I suspect it will - but it will generate more logging) please gather the sadiag data and open a case with Support.  (Details on both of these actions are in my last post.)

    Thank you. 
     



  • 8.  RE: Install SEP on RHEL problems

    Posted Apr 12, 2018 10:05 PM

    Hi guys, seeing this same issue trying to install the 14.0.3929.1200 SEP Linux client on a fresh CentOS 7.4 server that has a uname -r value of 3.10.0-693.17.1.el7.x86_64 (after performing a yum install kernel-devel-3.10.0-693.17.1.el7.x86_64).  Any resolution would be appreciated!



  • 9.  RE: Install SEP on RHEL problems
    Best Answer

    Posted Apr 12, 2018 11:15 PM

    Hey guys, actually I managed to piece together a list of steps that finally worked for me on CentOS 7.4.  Sharing for reference purposes in case they are of help to anyone.  My steps will differ from yours I'm sure, but you'll get the picture:

    copy the prepared SymantecEndpointProtection.zip file to a folder on the server

    SSH into the server (or access the console)

    sudo su root

    yum install unzip

    # unzip the .zip file while sitting in the folder that you copied it to
    unzip SymantecEndpointProtection.zip -d symantec

    cd symantec

    chmod u+x install.sh

    sudo yum install glibc.i686 libgcc.i686 libX11.i686

    uname -r

    *Note what kernel version is returned

    yum install kernel-devel-3.10.0-693.21.1.el7.x86_64 (an example, replace the value with whatever the uname -r command returned)

    cd src

    sudo yum install gcc

    sudo yum install bzip2

    tar -xf ap-kernelmodule.tar.bz2

    cd ap-kernelmodule-14.0.3929-1200

    # manually compile the kernel and be sure it succeeds
    ./build.sh

    # return to the main level of the unzipped .zip
    cd ../..
    sudo ./install.sh -i

    reboot

    cd /

    # verify that auto-protect is enabled (and not malfunctioning) and the client shows in the management console
    /opt/Symantec/symantec_antivirus/sav info -a
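
Added example, not part of the original posts and not Symantec tooling: a shell triage of the log lines quoted in this thread that compares the kernel releases of the pre-compiled symev modules insmod tried against the kernel named in the UNSUPPORTED-OS message, which is the mismatch that leaves Auto-Protect (and so on-access scanning) in the Malfunctioning state. The function names and diagnosis labels are assumptions made for this example; the sample input is assembled from lines shown earlier on the page.

```shell
#!/bin/sh
# Sample input: lines copied from the installer output and the
# "systemctl status autoprotect.service" excerpt quoted in this thread.
SAMPLE_LOG='Build Auto-Protect kernel modules from source code failed with error: 1
Error: No drivers are loaded into kernel.
AP:             Malfunctioning
Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-229.el7-x86_64.ko: Invalid parameters
Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-123.el7-x86_64.ko: Invalid parameters
Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-514.el7-x86_64.ko: Invalid parameters
Apr 04 15:53:39 X autoprotect[3828]: symev: unable to load kernel support module (UNSUPPORTED-OS-rh-ES-7-3.10.0-693.17.1.el7-x86_64)'

# Kernel releases of the pre-compiled symev modules that insmod tried,
# one per line, de-duplicated (hypothetical helper name).
tried_module_kernels() {
    printf '%s\n' "$1" |
        sed -n 's/.*could not insert module .*symev-rh-ES-[0-9]*-\([0-9][0-9.]*-[0-9.]*\.el[0-9]*\)-x86_64\.ko.*/\1/p' |
        LC_ALL=C sort -u
}

# Kernel release that symev reported as unsupported, i.e. the running kernel
# (hypothetical helper name).
running_kernel_from_log() {
    printf '%s\n' "$1" |
        sed -n 's/.*(UNSUPPORTED-OS-rh-ES-[0-9]*-\(.*\)-x86_64).*/\1/p' |
        head -n 1
}

# Classify the log. Always returns 0; the label is printed on stdout.
#   ok                                   no Auto-Protect failure markers found
#   malfunctioning-kernel-unknown        failure markers, but no UNSUPPORTED-OS line
#   matching-module-failed-to-load       a module for the running kernel exists but did not load
#   no-matching-module-and-build-failed  no pre-compiled module matches and the source build failed
#   no-matching-module                   no pre-compiled module matches; no build failure logged
diagnose() {
    log=$1
    if ! printf '%s\n' "$log" |
        grep -Eq 'AP:[[:space:]]*Malfunctioning|No drivers are loaded into kernel'; then
        echo "ok"
        return 0
    fi
    running=$(running_kernel_from_log "$log")
    if [ -z "$running" ]; then
        echo "malfunctioning-kernel-unknown"
    elif tried_module_kernels "$log" | grep -Fxq "$running"; then
        echo "matching-module-failed-to-load"
    elif printf '%s\n' "$log" |
        grep -q 'Build Auto-Protect kernel modules from source code failed'; then
        # The case in this thread: the steps above (kernel-devel for the
        # running kernel, gcc, then ./build.sh) address the failed build.
        echo "no-matching-module-and-build-failed"
    else
        echo "no-matching-module"
    fi
    return 0
}

printf 'running kernel: %s\n' "$(running_kernel_from_log "$SAMPLE_LOG")"
printf 'modules tried:  %s\n' "$(tried_module_kernels "$SAMPLE_LOG" | tr '\n' ' ')"
printf 'diagnosis:      %s\n' "$(diagnose "$SAMPLE_LOG")"
```

To run it against a real host, pass the combined text of ~/sepfl-install.log and the autoprotect.service journal excerpt to diagnose instead of SAMPLE_LOG.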



  • 10.  RE: Install SEP on RHEL problems

    Posted May 10, 2020 07:59 PM
    Edited by AAMIR KHAN May 10, 2020 09:35 PM

    Hi Todd,

    I am using 14.3 SEP.

    I tried everything, but my SEP is still showing "Waiting for update" and the Auto-Protect component is malfunctioning.

    1. I exported the client from SEPM, where the LUA path and credentials are already configured for Linux.
    2. Manually built the kernel as mentioned in your post.
    3. Installed the SEP successfully.
    4. SEP is showing "Waiting for update" and the Auto-Protect component is malfunctioning.

    Find the error log : [11/May/2020:06:09:05 +0530] "GET /clu-test/sepc%2420virus%2420definitions%2420linux%242014.3_microdefsb.curdefs_symalllanguages_livetri.zip HTTP/1.1" 404 1027

    FYR, LUA is working fine, as we are able to distribute definitions to SEP below 7.4, but for SEP on RHEL 7.5 and above we are facing an issue.


  • 11.  RE: Install SEP on RHEL problems

    Posted Apr 13, 2018 04:09 AM

    Thanks Todd,

    On RHEL 7.4 we also had to manually compile; all works fine now!

    On RHEL 6.9 all works without any problems, no manual compile required.



  • 12.  RE: Install SEP on RHEL problems

    Posted Apr 19, 2018 10:26 PM

    Awesome, glad to hear, Mateusz.  Have a great one!