Endpoint Protection

 View Only
  • 1.  Standalone SEPM linux agent

    Posted Jan 18, 2023 11:22 AM
    Hello,

    We use the enterprise version including a manager, but there are a number of laptops that never will be connected to the management server.
    We are able to install Linux agent (14.3RU5) on these laptops using the SEP Linux Packager (seplpkg) on RedHat 8.
    When we try to run a manualscan with SAV it indicates that the scan engine is not initiatlized.
    When we update virus definitions (core15 unix) and install these manually to the correct directory the problem remains.
    The /proc/sisap/status shows output but it is unclear how to interpret this.

    Questions: is there a good document describing all the steps needed for standalone installation and manualscan on Linux?
                      where is the license configured in standalone operation?

    With kind regards,

    Gerrit Binnenmars


  • 2.  RE: Standalone SEPM linux agent

    Broadcom Employee
    Posted Jan 20, 2023 11:28 AM
    The core15unix.sh updater is meant for the legacy version of SEP for Linux, version 14.3.1148 MP1.

    Download the updater here for SEP 14.3 RU1 and newer:
    https://www.broadcom.com/support/security-center/definitions/download/detail?gid=sef


  • 3.  RE: Standalone SEPM linux agent

    Posted Jan 23, 2023 07:42 AM

    Thanks Ed for your quick response, this indeed solved the issues found.

    The remaining question is about the license file:
    In the sisamd_0.log we see:

    amdlog/sisamd_0.log:2023-01-23 08:06:57: <error> [Entitlement::isMalwareEntitled]:840 License string is empty
    amdlog/sisamd_0.log:2023-01-23 08:06:58: <info> [AMDMonitorThread::run]:399 Command Request received :APPLY_LICENSE
    amdlog/sisamd_0.log:2023-01-23 08:06:58: <info> [Entitlement::isMalwareEntitled]:872 License ignore expiration date

    Since everything works and according:

    https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/licensing-v15883016-d31e6/licensing-an-unmanaged-windows-client-v59427472-d31e973.html

    our assumption is that no license seat is needed for the unmanaged Linux clients.


    Is this assumption correct?
    What is the purpose of using the ./sav manage -i <filename> command?




  • 4.  RE: Standalone SEPM linux agent

    Broadcom Employee
    Posted Jan 24, 2023 12:29 PM
    You are correct -- there's nothing wrong with your licensing.

    For documentation of sav command-line options, see Managing your Linux client using the command line tool (sav)