Endpoint Protection

 View Only

  • 1.  Confirming post-installation state/activity of SEP 12.x on Linux

    Posted Mar 18, 2016 05:33 PM

    I just finished installing SEP 12 on CentOS 6.6.    The end of installation showed:

    LiveUpdate component installed successfully
Installation completed
=============================================================
Daemon status:
symcfgd                         [running]
rtvscand                        [running]
smcd                            [running]
=============================================================
Drivers loaded:
symap_ct_ES_6_2_6_32_431_el6_x86_64
symev_ct_ES_6_2_6_32_431_el6_x86_64
=============================================================
Auto-Protect starting
Protection status:
Definition:     Waiting for update.
AP:             Malfunctioning
=============================================================
The log files for installation of Symantec Endpoint Protection for Linux are under ~/:
sepfl-install.log
sep-install.log
sepap-install.log
sepap-legacy-install.log
sepui-install.log
sepjlu-install.log
sepfl-kbuild.log

    From other posts I read I assume AP will change from MALFUNCTIONING to a normal state once the updated definitions have been pulled down.  It's been over 10 minutes and the Symantec X window (savtray) still shows updating.  The command line output shows:
     

    [root@lserver2 SEP]# sav info -d 
Waiting for update.
[root@lserver2 SEP]# sav info -e
Unable to get current engine version.
[root@lserver2 SEP]# sav info -p
12.1.6 (12.1 RU6 MP4) build 6860 (12.1.6860.6400)
[root@lserver2 SEP]# sav info -s
General Status: Done
Manual Scan: Done
Daily Scheduled Scan: Never run
[root@lserver2 SEP]# sav info -a
Malfunctioning
[root@lserver2 SEP]# sav info -t
Unable to get current definition location.
[root@lserver2 SEP]#

    Is there a way to tell what SEP is doing?  Is it really  updating - or is it stuck waiting for an update? 



  • 2.  RE: Confirming post-installation state/activity of SEP 12.x on Linux

    Posted Mar 21, 2016 11:49 AM

    Did you manually force a liveupdate?



  • 3.  RE: Confirming post-installation state/activity of SEP 12.x on Linux
    Best Answer

    Broadcom Employee
    Posted Mar 21, 2016 12:24 PM

    You will have to keep under monitoring & i believe in the background it will be downloading the latest definitions to show desire results.

    Liveupdate logging is saved by default to /opt/Symantec/LiveUpdate/liveupdt.log

    liveupdate logging is always on

    Default liveupdate log file path can be changed by editing /etc/liveupdate.conf. 

     



  • 4.  RE: Confirming post-installation state/activity of SEP 12.x on Linux

    Posted Mar 21, 2016 02:09 PM

    You're right - it was busy in the background (for hours) but did finally come online.  I assume virus updates were just slow for some reason.



  • 5.  RE: Confirming post-installation state/activity of SEP 12.x on Linux

    Broadcom Employee
    Posted Mar 21, 2016 02:17 PM

    Good to know it's updated now. Generally initial (first) update takes time.

    & if your query has been resolved can mark this thread as a solved with the best answer that helps you.