Endpoint Protection

Problem - it seems that Symantec AV 12.1.6 for Linux installed and compiled autoprotect module correctly but it is in "Malfunctioning" state.
After several installations it still doesnt't work - services are up and running and autoprotect modules are loaded but the autoprotect is in Malfunctioning state and client cannot be seen on management console. Symantec client is CentOS7, the kernel is 3.10.0-229.14.1.el7.x86_64.

There is attach with the content of sepfl-kbuild and sepfl-install logs for troubleshooting purposes.

Attachment(s)

symantec-autoprotect-malfunction.txt   24 KB 1 version

Did virus definitions load correctly? It show like this until they are fully loaded. Just want to confirm that first.

Can I force it to load definitions? The subfolders in /opt/Symantec/virusdefs are empty.

Result of: sav info -d

Waiting for update

Result of: sav liveupdate -u

Command failed: Failure in processing of micro definitions before update

Unable to perform update

I tried to start rtvscand in debug mode - vpdebug.log is in attach if it can help.

Attachment(s)

vpdebug_0.zip   18 KB 1 version

Do you have an LUA setup for the linux SEP client to update defs from? As it can't update directly from the SEPM. An if so is your LUA setup to download and distribute the defs? Once these are up to date on the client they won't show as malfunctioning. 

Or you can setup an apache web server or reverse proxy to update the defs on the client
https://support.symantec.com/en_US/article.HOWTO85034.html

We have LUA and SEPM - wehave more than 20 CentOS 6 servers and we have no poblem with those servers. We have this problem only with few CentOS 7 machines.

The problem was actually with our installer - we used here standalone instead of our usual managed.

Brian and GeoGeo thank you for help ...

Glad you sorted the problem :)