Endpoint Protection

  • 1.  (Urgent) rtvscand service is getting stopped continuously though manually restarting it.

    Posted Mar 13, 2015 04:14 AM

    Hi,

    I have opened a case with Symantec for this issue, which has been prolonged for almost 2-3 months with no solution.

    We have a Linux prod box (6.5 Santiago) with Symantec AV. Initially, the kernel was not supported, due to which the scan engine was malfunctioning. We have upgraded the kernel to a supported version, but it still has the same issue. We have provided all the logs (sadiag and sys logs) but still no solution.

    Only the rtvscand service is not running; smcd and symcfgd are running fine.

    Last week Symantec suggested that we install the Intelligent Updater package, but it is still not working.

    Let me know if you can help me with this.

    Issue:
    1) Checked the service - rtvscand is stopped.
    2) Checked antivirus status - malfunctioning.
    3) Restarted the services and checked auto-protect status - disabled (at this time the services' status is showing as running).
    4) After a while, checked the services again - rtvscand service had stopped automatically.

    Note: Screenshot attached.



  • 2.  RE: (Urgent) rtvscand service is getting stopped continuously though manually restarting it.

    Posted Apr 01, 2015 08:44 AM

    We are having the same issue after upgrading to SEP 12.1.RU5. Have you found a solution?



  • 3.  RE: (Urgent) rtvscand service is getting stopped continuously though manually restarting it.

    Posted Apr 01, 2015 09:07 AM

    Not sure (we haven't tried the solution yet), but after 3 months, Symantec engineers have given a possible solution. We submitted the recent log files, in which they found that it's not a Symantec issue; it's a Linux memory issue.

    As per Symantec, there is not enough memory on the Linux box to run the rtvscand process, hence it was killed by the OOM daemon.

    Please see the below error and comment from the Symantec team.


    Out of memory: Kill process 14313 (rtvscand) score 854 or sacrifice child
    Killed process 14313, UID 0, (rtvscand) total-vm:990136kB, anon-rss:902720kB, file-rss:36kB

    This explicitly indicates that your Linux machine does not have enough memory to run all processes, and that rtvscand is being terminated by the OOM daemon.

    This is explained in detail in Oracle's article on the subject, which I've included below:
    http://www.oracle.com/technetwork/articles/servers-storage-dev/oom-killer-1911807.html

    Symantec Support advises adding more memory to this machine or configuring your OS to exclude rtvscand from the OOM kill daemon. If you are unsure of how to perform this modification to the OS, you will need to engage with Red Hat support for assistance.

    Hope this helps you.
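
The OOM-killer messages quoted in the post above can be turned into a detection for a silently stopped antivirus daemon. This is an added example, not part of the original thread and not Symantec's tooling; the function names, the watch list and the syslog prefixes in the sample lines are assumptions made for illustration.

```python
import re

# The two kernel messages logged per OOM kill, in the format quoted above.
SELECT_RE = re.compile(
    r"Out of memory: Kill process (?P<pid>\d+) \((?P<comm>[^)]+)\) score (?P<score>\d+)")
KILLED_RE = re.compile(
    r"Killed process (?P<pid>\d+),? .*?\((?P<comm>[^)]+)\) "
    r"total-vm:(?P<vm>\d+)kB, anon-rss:(?P<anon>\d+)kB")

# Daemon names mentioned in the thread; an OOM kill of any of them is an alert.
WATCHED = {"rtvscand", "smcd", "symcfgd"}

def parse_oom_kills(lines):
    """Return one record per OOM kill, pairing the two messages by PID."""
    kills, pending = [], {}
    for line in lines:
        m = SELECT_RE.search(line)
        if m:
            rec = {"pid": int(m["pid"]), "comm": m["comm"], "score": int(m["score"]),
                   "total_vm_kb": None, "anon_rss_kb": None}
            kills.append(rec)
            pending[rec["pid"]] = rec
            continue
        m = KILLED_RE.search(line)
        if m:
            pid = int(m["pid"])
            # The "Kill process" line may be missing (rotated or truncated log).
            rec = pending.pop(pid, None)
            if rec is None:
                rec = {"pid": pid, "comm": m["comm"], "score": None}
                kills.append(rec)
            rec["total_vm_kb"] = int(m["vm"])
            rec["anon_rss_kb"] = int(m["anon"])
    return kills

def watched_kills(lines, watched=WATCHED):
    """Only the kills that took down a watched security daemon."""
    return [k for k in parse_oom_kills(lines) if k["comm"] in watched]

# Message text for rtvscand is from the post; prefixes and the java line are constructed.
SAMPLE = [
    "Mar 31 02:10:44 host kernel: Out of memory: Kill process 14313 (rtvscand) score 854 or sacrifice child",
    "Mar 31 02:10:44 host kernel: Killed process 14313, UID 0, (rtvscand) total-vm:990136kB, anon-rss:902720kB, file-rss:36kB",
    "Mar 31 02:15:02 host kernel: Killed process 2041, UID 500, (java) total-vm:2097152kB, anon-rss:1048576kB, file-rss:12kB",
]

if __name__ == "__main__":
    for k in watched_kills(SAMPLE):
        print(f"ALERT: {k['comm']} (pid {k['pid']}) OOM-killed, "
              f"score={k['score']}, anon-rss={k['anon_rss_kb'] / 1024:.0f} MiB")
```

Run against the kernel log on a schedule, this surfaces the condition the original poster only saw as "auto-protect disabled": the service manager shows the daemon as started, and the kernel later removes it without the product logging anything.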


