Endpoint Protection

  • 1.  SEP 14 on Linux

    Posted Nov 09, 2021 01:22 PM
    Has anyone been able to successfully configure Linux on SEP 14?

    We have created a directory structure, exported the installer package and installed on 2 Linux hosts.  Both hosts show up in the SEP Manager; however, both are showing "Virus Definitions Not Available" and "AntiVirus Status Component is Malfunctioning".

    In the LiveUpdate Policy, we have configured the Linux Settings to "Use a specified internal LiveUpdate server" and pointed it to the address of the Windows SEPM server for updates: http://x.x.x.x:8014.  Unlike Windows systems, there is no option to "Use the default management server".

    When I reached out to worthless Broadcom support, all they did was point me to the following document below.  Looks like the only 2 options to enable LiveUpdate content are to:

    1.  Use Symantec LiveUpdate Administrator 2.x (LUA 2.x). This is the best option for installations with larger numbers of Mac and/or Linux computers.
    2.  For smaller installations, you can configure the Apache web server as a reverse proxy. This enables the Apache web server installed along with Symantec Endpoint Protection Manager (SEPM) to download and cache the LU content for Mac and Linux clients locally whenever new content is published. This configuration results in saving of external network bandwidth.

    Does anyone have the configuration "recommended" by Broadcom actually working on Linux hosts???

    Enabling Mac and Linux clients to download LiveUpdate content using the Apache web server as a reverse proxy.  

    Any input is greatly appreciated.  We have thousands of Linux hosts we must have working by the end of the year.  Why the "strange" configuration for LiveUpdate content on Linux hosts?

    Thanks.


  • 2.  RE: SEP 14 on Linux

    Posted Nov 10, 2021 02:06 AM
    Hi,

    The Linux agent can't use the default configured SEPM for updates. If configured to use LUA, you can't use "Total Cloud Protection" introduced in 14.3 RU3.

    Which version are you on? My recommendation would be to stay as current as possible and either configure Apache as a reverse proxy or just let the SEP client connect directly to LiveUpdate on the internet.


  • 3.  RE: SEP 14 on Linux

    Posted Nov 10, 2021 02:40 AM

    Hi,

    For you, with 1000 computers, LiveUpdate Administrator is the Symantec-recommended option.

    - It needs a Windows server and a connection to the Internet/Broadcom LiveUpdate.

    - LiveUpdate Administrator needs management and regular checking.


    An Internet connection from the clients would be best, but security settings may not allow it.

    - There are two areas that need to be open:
      - LiveUpdate: definitions update
      - Repository: SEP client installation and version update (This can also be an internal copy of the relevant files; the SEP client install stub can also create such a file collection)




  • 4.  RE: SEP 14 on Linux

    Posted Nov 10, 2021 09:52 AM
    LUA is a "recommended" option with 10.000 clients or more. It also depends on how many SEPMs you have and other factors.

    LUA adds complexity and as of now at least, you can't use it with the latest Linux agent if you want Total cloud protection activated. (Hint: You should).

    https://knowledge.broadcom.com/external/article?articleId=226148




  • 5.  RE: SEP 14 on Linux

    Posted Nov 10, 2021 09:57 AM
    Thanks for responding. 

    SEP Manager version is 14.3.3385.1000.  It doesn't appear as though LiveUpdate Administrator was configured when the SEP Manager was first configured.

    Our security posture doesn't allow internet connection for live updates from the clients.

    We were looking at the option to configure Apache as a reverse proxy, but then I found this document indicating "By default, your Windows, Mac, and Linux clients get their updates from the management server."

    Configuring clients to download content from an internal LiveUpdate server
    By default, your Windows, Mac, and Linux clients get their updates from the management server. If you manage a large number of clients, you may want to use Group Update Providers (GUPs) for Windows clients. GUPs reduce the load on the management server and are easier to set up than an internal LiveUpdate server.


    There doesn't seem to be a "clear" answer on how to configure this and Broadcom support has been no help.


  • 6.  RE: SEP 14 on Linux

    Posted Nov 11, 2021 03:06 AM
    Edited by Michael Lynn Nov 11, 2021 03:07 AM

    "AntiVirus Status Component is Malfunctioning": you need to check the Linux kernel version. Check the following link for the supported Linux kernel versions:

    https://linux-repo.us.securitycloud.symantec.com/sep_linux/14.3RU1/supported_kernels.html




  • 7.  RE: SEP 14 on Linux

    Posted Nov 11, 2021 07:06 AM
    If your servers have a UEFI boot system, check that Secure Boot is disabled (after restarting the server you must wait several minutes for the change to be reflected in the SEPM console). I also recommend that you verify that the headers and devels are the same version as the kernel.

    That has worked for me, I hope it helps you too.
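
The two checks suggested in the reply above, written out as an added example (not part of the thread and not Symantec tooling). It assumes `mokutil` is installed for the Secure Boot query and that packages are managed with `rpm` or `dpkg`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: Secure Boot state and kernel headers/devel match.

# Classify the text printed by `mokutil --sb-state`.
sb_state() {
    case "$1" in
        *"SecureBoot enabled"*)  echo enabled ;;
        *"SecureBoot disabled"*) echo disabled ;;
        *)                       echo unknown ;;
    esac
}

# pkg_for_kernel PREFIX KERNEL_RELEASE PACKAGE_LIST
# PACKAGE_LIST holds one installed package name per line.
# Prints: match    - PREFIX-<running kernel release> is installed
#         mismatch - PREFIX is installed, but only for other kernels
#         absent   - no PREFIX package at all
pkg_for_kernel() {
    if printf '%s\n' "$3" | grep -Fxq "$1-$2"; then
        echo match
    elif printf '%s\n' "$3" | grep -q "^$1-[0-9]"; then
        echo mismatch
    else
        echo absent
    fi
}

# Gather the live values from this host and print one line per check.
report_host() {
    krel=$(uname -r)
    sb_text=$(mokutil --sb-state 2>/dev/null) || sb_text=""
    if command -v rpm >/dev/null 2>&1; then
        # name-version-release.arch lines up with `uname -r` on RPM distros
        pkgs=$(rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null) || pkgs=""
        prefixes="kernel-devel kernel-headers"
    else
        pkgs=$(dpkg-query -W -f='${Package}\n' 2>/dev/null) || pkgs=""
        prefixes="linux-headers"
    fi
    echo "kernel: $krel  secure boot: $(sb_state "$sb_text")"
    for p in $prefixes; do
        echo "$p: $(pkg_for_kernel "$p" "$krel" "$pkgs")"
    done
}

report_host
```

A `mismatch` or `absent` line means the headers/devel packages do not correspond to the running kernel, which is the condition the reply says to verify.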


  • 8.  RE: SEP 14 on Linux

    Posted May 30, 2023 08:40 AM

    Hi DeniseB, I have the same issue in the Linux agent with SEP Manager. Can you fix the problem now?