Endpoint Protection

Environment: SEP 14.0.2332-0100 on RHEL 7.6

Synopsis: RHEL 7.6 was released. When a host is updated to 7.6 (FWIW the first kernel to come with RHEL 7.6 is 3.10.0-957) and either the host is rebooted or the symcfgd service is restarted, the host completely wedges, silently, and is unusable.

Repeatable Steps:

1. Update to RHEL 7.6
2. Reboot. Your host will wedge as it comes up.
3. Reboot to single user mode to avoid /etc/rc3.d scripts related to SEP
4. Build new SEP kernel modules via build.sh
5. Run /etc/rc3.d/S21autoprotect by hand. Runs fine. Kernel modules load.
6. Run /etc/rc3.d/S22symcfgd by hand and the host immediately wedges and starts flashing keyboard LEDs.

Short-term Workaround: For us, for now, is to reboot the host and choose an older 7.5 kernel when the kernel selection menu is displayed. As new kernel package updates come around, let alone ones with required security fixes, this will not be possible.

This does not appear to be on the supported list yet:

https://www.symantec.com/docs/INFO3983

And neither are you on the latest version:

https://www.symantec.com/docs/HOWTO124730

I'd recommend logging a support case so that Symantec have a record to your request, and I imgaine they may ask you to wait for the next SEP update though

HI,

We have the same problem using custom modules built for the new 3.10.0-957 kernel for v12.1.MP6, modules built fot v14.2 seem to work OK.

Andy

Is Symantec going to "get in front of" things like this? RHEL 7.6 beta has been out for a while now. Is there no continuous build environment testing 14.0 and 14.2 against the latest beta releases of at least supported RHEL and Ubuntu distro versions? Seems Symantec should be able to, in most cases, release versions of Endpoint Protection that work with upcoming RHEL or Ubuntu versions ... before the customer gets those Linux versions.