Channel: Symantec Connect - Products - Discussions

Install SEP on RHEL problems

I need a solution

Hi Team,

I have some problems with installing the SEP on RHEL server. Just some background: SEP 14.0.2415.0200 (installation using RPM package), RHEL Linux 3.10.0-693.17.1.el7.x86_64 (kernel is supported https://support.symantec.com/en_US/article.INFO398...)

Initial liveupdate I think runs from public internet so it will not work (I have isolated infra), but traffic to our SEP server on port 8014 is UP. After the installation the agent registers in SEPM in the correct container.

The biggest problem I think is with the autoprotect.service which failed during installation

[root@X Symantec]# ls -la
total 22712
drwxr-xr-x  5 root root     4096 Apr  4 15:50 .
dr-xr-x---. 5 root root     4096 Apr  4 15:47 ..
drwxr-xr-x  2 root root     4096 May 24  2017 Configuration
-rwxr--r--  1 root root    53326 May 24  2017 install.sh
-rw-r--r--  1 root root      218 May 24  2017 pkg.sig
drwxr-xr-x  2 root root     4096 May 24  2017 Repository
drwxr-xr-x  2 root root     4096 May 24  2017 src
-rw-------  1 root root 23174913 Apr  4 15:50 SymantecEndpointProtection.zip

[root@X Symantec]# ./install.sh -i
Starting to install Symantec Endpoint Protection for Linux
Performing pre-check...
Pre-check succeeded
Begin installing virus protection component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:sav-14.0.2415-0200               ################################# [100%]
Virus protection component installed successfully
Begin installing Auto-Protect component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:savap-x64-14.0.2415-0200         ################################# [100%]
Auto-Protect component installed successfully
Begin installing GUI component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:savui-14.0.2415-0200             ################################# [100%]
GUI component installed successfully
Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code
Build Auto-Protect kernel modules from source code failed with error: 1
Running LiveUpdate to get the latest defintions...
sep::lux::Cseplux: Failed to run session, error code: 0x80010830
Live update session failed. Please enable debug logging for more information
Unable to perform update
Installation completed
=============================================================
Daemon status:
symcfgd                         [running]
rtvscand                        [running]
smcd                            [running]
=============================================================
Error: No drivers are loaded into kernel.
=============================================================
Auto-Protect starting
Protection status:
Definition:     Waiting for update.
AP:             Malfunctioning
=============================================================
The log files for installation of Symantec Endpoint Protection for Linux are under ~/:
sepfl-install.log
sep-install.log
sepap-install.log
sepui-install.log
sepfl-kbuild.log

I am also attaching the logs

cat sepfl-install.log
Wed Apr  4 15:53:32 CEST 2018: Starting to install Symantec Endpoint Protection for Linux
FromProduct=
ToProduct=14.0.2415.0200
Wed Apr  4 15:53:33 CEST 2018: Performing pre-check...
Wed Apr  4 15:53:34 CEST 2018: Pre-check succeeded
14.0.2415.0200 is newer than , need to copy setup.ini & setAid.ini
Succeed to copy /root/Symantec/./Configuration/setup.ini to /etc/symantec/sep/setup.ini
Succeed to copy /root/Symantec/./Configuration/setAid.ini to /etc/symantec/sep/setAid.ini
Sylink.xml doesn't exist, need copy it
Succeed to copy '/root/Symantec/./Configuration/sylink.xml' to '/etc/symantec/sep/sylink.xml'.
Succeed to copy /root/Symantec/./Configuration/sepfl.pem to /etc/symantec/sep/sepfl.pem
Succeed to copy /root/Symantec/./Configuration/serdef.dat to /var/symantec/sep/serdef.dat
Sep License doesn't exist, need copy it
Succeed to copy /root/Symantec/./Configuration/sep.slf to /etc/symantec/sep/sep.slf
Wed Apr  4 15:53:35 CEST 2018: Begin installing virus protection component
Wed Apr  4 15:53:35 CEST 2018: Performing pre-check...
Found /root/SepPrecheck.cfg, no need to perform pre-check
Wed Apr  4 15:53:35 CEST 2018: Pre-check is successful
Wed Apr  4 15:53:37 CEST 2018: Virus protection component installed successfully
Wed Apr  4 15:53:37 CEST 2018: Begin installing Auto-Protect component
Wed Apr  4 15:53:37 CEST 2018: Performing pre-check...
Found /root/SepPrecheck.cfg, no need to perform pre-check
Wed Apr  4 15:53:37 CEST 2018: Pre-check is successful
Wed Apr  4 15:53:38 CEST 2018: Auto-Protect component installed successfully
Wed Apr  4 15:53:38 CEST 2018: Begin installing GUI component
Wed Apr  4 15:53:38 CEST 2018: Performing pre-check...
Found /root/SepPrecheck.cfg, no need to perform pre-check
Wed Apr  4 15:53:38 CEST 2018: Pre-check is successful
Wed Apr  4 15:53:38 CEST 2018: GUI component installed successfully
chcon: can't apply partial context to unlabeled file ‘upgrade.sh’
chcon: can't apply partial context to unlabeled file ‘libstdc++.so.6’
chcon: can't apply partial context to unlabeled file ‘libgcc_s.so.1’
chcon: can't apply partial context to unlabeled file ‘liblog4cpp.so.4’
chcon: can't apply partial context to unlabeled file ‘tools’
chcon: can't apply partial context to unlabeled file ‘sav’
chcon: can't apply partial context to unlabeled file ‘AVMan.plg’
chcon: can't apply partial context to unlabeled file ‘LuMan.plg’
chcon: can't apply partial context to unlabeled file ‘plugins’
chcon: can't apply partial context to unlabeled file ‘libsep-cve.so’
chcon: can't apply partial context to unlabeled file ‘sadiag.sh’
chcon: can't apply partial context to unlabeled file ‘libluxSEPCallback.so’
chcon: can't apply partial context to unlabeled file ‘libSlicMan.so’
chcon: can't apply partial context to unlabeled file ‘xsymcfg’
chcon: can't apply partial context to unlabeled file ‘unsupported’
chcon: can't apply partial context to unlabeled file ‘libcx_lib.so’
chcon: can't apply partial context to unlabeled file ‘savluwrap’
chcon: can't apply partial context to unlabeled file ‘libsepcommon.so’
chcon: can't apply partial context to unlabeled file ‘libsep-util.so.1’
chcon: can't apply partial context to unlabeled file ‘liblux.so’
chcon: can't apply partial context to unlabeled file ‘rtvscand’
chcon: can't apply partial context to unlabeled file ‘libSyLog.so.1’
chcon: can't apply partial context to unlabeled file ‘libpatchapp.so’
chcon: can't apply partial context to unlabeled file ‘libduluxcallback.so’
chcon: can't apply partial context to unlabeled file ‘uninstall.sh’
chcon: can't apply partial context to unlabeled file ‘libLuxCustomerLogger.so’
chcon: can't apply partial context to unlabeled file ‘libecomlodrlin.so’
chcon: can't apply partial context to unlabeled file ‘savtray’
chcon: can't apply partial context to unlabeled file ‘libSlicMan.so.1’
chcon: can't apply partial context to unlabeled file ‘symcfgpop’
chcon: can't apply partial context to unlabeled file ‘libsep-util.so’
chcon: can't apply partial context to unlabeled file ‘libSyLog.so’
chcon: can't apply partial context to unlabeled file ‘symcfgdata.inf’
chcon: can't apply partial context to unlabeled file ‘smcd’
chcon: can't apply partial context to unlabeled file ‘libsepcommon.so.1’
chcon: can't apply partial context to unlabeled file ‘symcfgd’
chcon: can't apply partial context to unlabeled file ‘Symantec_2005_Root_CA2.cer’
chcon: can't apply partial context to unlabeled file ‘libSymDltCl.so’
chcon: can't apply partial context to unlabeled file ‘libluxSEPCallback.so.1’
chcon: can't apply partial context to unlabeled file ‘libsep-cve.so.1’
chcon: can't apply partial context to unlabeled file ‘symcfg’
chcon: can't apply partial context to unlabeled file ‘/opt/Symantec/symantec_antivirus’
Starting autoprotect (via systemctl):  Job for autoprotect.service failed because the control process exited with error code. See "systemctl status autoprotect.service" and "journalctl -xe" for details.
[FAILED]
Wed Apr  4 15:53:39 CEST 2018: Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code
ap-kernelmodule-14.0.2415-0200/
ap-kernelmodule-14.0.2415-0200/kernelsource/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/vfs.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/cache.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/xdr3.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/_export.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/_nfsfh.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/nfsd.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/_stats.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/xdr.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/xdr4.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/state.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux3.10.0/fs/nfsd/nfsfh.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/vfs.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/cache.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/xdr3.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/nfsd.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/xdr.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/stats.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/xdr4.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/state.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/nfsfh.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux4.7.0/fs/nfsd/export.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/cache.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/xdr3.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/nfsd.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/xdr.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/xdr4.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/state.h
ap-kernelmodule-14.0.2415-0200/kernelsource/linux2.6.33/fs/nfsd/nfsfh.h
ap-kernelmodule-14.0.2415-0200/include/
ap-kernelmodule-14.0.2415-0200/include/symprocfs.h
ap-kernelmodule-14.0.2415-0200/include/symevl.h
ap-kernelmodule-14.0.2415-0200/include/symap_cfg.h
ap-kernelmodule-14.0.2415-0200/include/symkutil.h
ap-kernelmodule-14.0.2415-0200/include/symap-core.h
ap-kernelmodule-14.0.2415-0200/include/symtypes.h
ap-kernelmodule-14.0.2415-0200/include/vpregistry.h
ap-kernelmodule-14.0.2415-0200/include/commonids.h
ap-kernelmodule-14.0.2415-0200/include/distribution.h
ap-kernelmodule-14.0.2415-0200/symap/
ap-kernelmodule-14.0.2415-0200/symap/linuxmod.c
ap-kernelmodule-14.0.2415-0200/symap/Makefile
ap-kernelmodule-14.0.2415-0200/COPYING
ap-kernelmodule-14.0.2415-0200/bin.ida/
ap-kernelmodule-14.0.2415-0200/README
ap-kernelmodule-14.0.2415-0200/lib.ida/
ap-kernelmodule-14.0.2415-0200/symev/
ap-kernelmodule-14.0.2415-0200/symev/utils.c
ap-kernelmodule-14.0.2415-0200/symev/fileops.c
ap-kernelmodule-14.0.2415-0200/symev/hnfs.c
ap-kernelmodule-14.0.2415-0200/symev/Makefile
ap-kernelmodule-14.0.2415-0200/symev/syscalls.c
ap-kernelmodule-14.0.2415-0200/symev/fileops.h
ap-kernelmodule-14.0.2415-0200/symev/sym_stub_execve.S
ap-kernelmodule-14.0.2415-0200/symev/symev.h
ap-kernelmodule-14.0.2415-0200/symev/symevrm.c
ap-kernelmodule-14.0.2415-0200/symev/symev.c
ap-kernelmodule-14.0.2415-0200/symev/hnfs.h
ap-kernelmodule-14.0.2415-0200/symev/sym_procfs.c
ap-kernelmodule-14.0.2415-0200/bin.ira/
ap-kernelmodule-14.0.2415-0200/VERSION
ap-kernelmodule-14.0.2415-0200/sym.ira/
ap-kernelmodule-14.0.2415-0200/build.sh
ap-kernelmodule-14.0.2415-0200/lib.ira/
ap-kernelmodule-14.0.2415-0200/lib.ira/symap-core-x86_64.o
ap-kernelmodule-14.0.2415-0200/lib.ira/symap-core.o
Wed Apr  4 15:53:39 CEST 2018: Build Auto-Protect kernel modules from source code failed with error: 1
Starting symcfgd (via systemctl):  [  OK  ]
symcfgd is started successfully.
Starting rtvscand (via systemctl):  [  OK  ]
rtvscand is started successfully.
Succeed to enable ap
AP status: Malfunctioning
Starting smcd (via systemctl):  [  OK  ]
smcd is started successfully.
kernel drivers are not loaded.
Wed Apr  4 15:57:59 CEST 2018: Installation completed
Wed Apr  4 15:57:59 CEST 2018: =============================================================
Wed Apr  4 15:57:59 CEST 2018: Daemon status:
Wed Apr  4 15:57:59 CEST 2018: symcfgd                          [running]
Wed Apr  4 15:57:59 CEST 2018: rtvscand                 [running]
Wed Apr  4 15:57:59 CEST 2018: smcd                             [running]
Wed Apr  4 15:57:59 CEST 2018: =============================================================
Wed Apr  4 15:57:59 CEST 2018: Error: No drivers are loaded into kernel.
Wed Apr  4 15:57:59 CEST 2018: =============================================================
Wed Apr  4 15:57:59 CEST 2018: Auto-Protect starting
AP status: Malfunctioning in 1 time.
Wed Apr  4 15:58:00 CEST 2018: Protection status:
Wed Apr  4 15:58:00 CEST 2018: Definition:      Waiting for update.
Wed Apr  4 15:58:00 CEST 2018: AP:              Malfunctioning
Wed Apr  4 15:58:00 CEST 2018: =============================================================
Wed Apr  4 15:58:00 CEST 2018: The log files for installation of Symantec Endpoint Protection for Linux are under ~/:
Wed Apr  4 15:58:00 CEST 2018: sepfl-install.log
Wed Apr  4 15:58:00 CEST 2018: sep-install.log
Wed Apr  4 15:58:00 CEST 2018: sepap-install.log
Wed Apr  4 15:58:00 CEST 2018: sepui-install.log
Wed Apr  4 15:58:00 CEST 2018: sepfl-kbuild.log
cat sep-install.log
======================================================
Pre-install begin: Wed Apr  4 15:53:35 CEST 2018
Creating /etc/Symantec.conf file
Performing first install pre-install actions

Pre-install end: Wed Apr  4 15:53:35 CEST 2018
Post-install begin: Wed Apr  4 15:53:36 CEST 2018
Install and register the defs
cannot find /root/Symantec/./Repository/linuxdefs.zip
Performing new install post-install actions
Adding OS CA Certificate store to reg
symcfgd should not start at this time.
rtvscand should not start at this time.
smcd should not start at this time.
Post-install end: Wed Apr  4 15:53:37 CEST 2018

cat sepap-install.log
======================================================
Pre-install begin: Wed Apr  4 15:53:37 CEST 2018
Performing first install pre-install actions
groupadd: group 'avdefs' already exists
Pre-install end: Wed Apr  4 15:53:37 CEST 2018
Post-install begin: Wed Apr  4 15:53:37 CEST 2018
BaseDir=/opt/Symantec
Performing new install post-install actions
Starting autoprotect (via systemctl): Job for autoprotect.service failed because the control process exited with error code. See "systemctl status autoprotect.service" and "journalctl -xe" for details. [FAILED]
symcfgd should not start at this time.
rtvscand should not start at this time.
smcd should not start at this time.
Post-install end: Wed Apr  4 15:53:38 CEST 2018

sepui-install.log
======================================================
Pre-install begin: Wed Apr  4 15:53:38 CEST 2018
Pre-install end: Wed Apr  4 15:53:38 CEST 2018
Post-install begin: Wed Apr  4 15:53:38 CEST 2018
BaseDir=/opt/Symantec
savuiDir=/opt/Symantec
Performing new install post-install actions
savtray: cannot connect to X server
Post-install end: Wed Apr  4 15:53:38 CEST 2018


sepfl-kbuild.log
Wed Apr  4 15:53:39 CEST 2018: starting to build kernel modules of SEP for Linux
Kernel release not specified. Build kernel modules for current kernel version 3.10.0-693.17.1.el7.x86_64
 does not exist
Wed Apr  4 15:53:39 CEST 2018: Build failed

[root@X ~]# systemctl status symcfgd
● symcfgd.service - LSB: Symantec AntiVirus Configuration Server
   Loaded: loaded (/etc/rc.d/init.d/symcfgd; bad; vendor preset: disabled)
   Active: active (running) since Wed 2018-04-04 15:53:42 CEST; 51min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 4147 ExecStart=/etc/rc.d/init.d/symcfgd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/symcfgd.service
           └─4180 /opt/Symantec/symantec_antivirus/symcfgd -l info

Apr 04 15:53:39 X symcfgd[4180]: --- symcfgd started (pid 4180) ---
Apr 04 15:53:39 X symcfgd[4180]: symcfgd running as daemon
Apr 04 15:53:39 X symcfgd[4180]: listening on local socket (abstract): sym_config_ipc
Apr 04 15:53:42 X symcfgd[4147]: [31B blob data]
Apr 04 15:53:42 X systemd[1]: Started LSB: Symantec AntiVirus Configuration Server.
Apr 04 15:53:42 X symcfgd[4180]: subscriber 2 has left -- closed 0 remaining handles
Apr 04 15:53:43 X symcfgd[4180]: subscriber 3 has left -- closed 0 remaining handles
Apr 04 15:57:59 X symcfgd[4180]: subscriber 4 has left -- closed 0 remaining handles
Apr 04 15:57:59 X symcfgd[4180]: subscriber 8 has left -- closed 0 remaining handles
Apr 04 15:58:00 X symcfgd[4180]: subscriber 9 has left -- closed 0 remaining handles
[root@X ~]# systemctl status rtvscand
● rtvscand.service - LSB: Symantec AntiVirus Scanner
   Loaded: loaded (/etc/rc.d/init.d/rtvscand; bad; vendor preset: disabled)
   Active: active (running) since Wed 2018-04-04 15:53:42 CEST; 51min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 4193 ExecStart=/etc/rc.d/init.d/rtvscand start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/rtvscand.service
           └─4216 /opt/Symantec/symantec_antivirus/rtvscand -l info

Apr 04 15:53:42 X systemd[1]: Starting LSB: Symantec AntiVirus Scanner...
Apr 04 15:53:42 X rtvscand[4216]: --- rtvscand started (pid 4216) ---
Apr 04 15:53:42 X rtvscand[4216]: rtvscand running as daemon
Apr 04 15:53:42 X systemd[1]: Started LSB: Symantec AntiVirus Scanner.
Apr 04 15:53:42 X rtvscand[4193]: [32B blob data]
Apr 04 15:53:43 X rtvscand[4216]: Symantec AntiVirus services startup was successful.
Apr 04 15:53:44 X rtvscand[4216]: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses unti...this computer.
Apr 04 15:53:44 X rtvscand[4216]: Download of virus definition file from LiveUpdate server succeeded.
Apr 04 15:53:47 X rtvscand[4216]: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses unti...this computer.
Apr 04 15:53:47 X rtvscand[4216]: Download of virus definition file from LiveUpdate server succeeded.
Hint: Some lines were ellipsized, use -l to show in full.
[root@X ~]# systemctl status smcd
● smcd.service - LSB: Symantec AntiVirus Scanner
   Loaded: loaded (/etc/rc.d/init.d/smcd; bad; vendor preset: disabled)
   Active: active (running) since Wed 2018-04-04 15:53:44 CEST; 51min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 4247 ExecStart=/etc/rc.d/init.d/smcd start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/smcd.service
           └─4280 /opt/Symantec/symantec_antivirus/smcd -l info

Apr 04 15:53:43 X systemd[1]: Starting LSB: Symantec AntiVirus Scanner...
Apr 04 15:53:44 X smcd[4280]: --- smcd started (pid 4280) ---
Apr 04 15:53:44 X smcd[4280]: smcd running as daemon
Apr 04 15:53:44 X smcd[4247]: [28B blob data]
Apr 04 15:53:44 X systemd[1]: Started LSB: Symantec AntiVirus Scanner.


[root@x ~]# systemctl status autoprotect.service
● autoprotect.service - LSB: Symantec AutoProtect Modules
   Loaded: loaded (/etc/rc.d/init.d/autoprotect; bad; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2018-04-04 15:53:39 CEST; 53min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 3828 ExecStart=/etc/rc.d/init.d/autoprotect start (code=exited, status=1/FAILURE)

Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-229.el7-x86_64.ko: Invalid parameters
Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-123.el7-x86_64.ko: Invalid parameters
Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-514.el7-x86_64.ko: Invalid parameters
Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-229.el7-x86_64.ko: Invalid parameters
Apr 04 15:53:39 X autoprotect[3828]: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-rh-ES-7-3.10.0-123.el7-x86_64.ko: Invalid parameters
Apr 04 15:53:39 X autoprotect[3828]: symev: unable to load kernel support module (UNSUPPORTED-OS-rh-ES-7-3.10.0-693.17.1.el7-x86_64)
Apr 04 15:53:39 X systemd[1]: autoprotect.service: control process exited, code=exited status=1
Apr 04 15:53:39 X systemd[1]: Failed to start LSB: Symantec AutoProtect Modules.
Apr 04 15:53:39 X systemd[1]: Unit autoprotect.service entered failed state.
Apr 04 15:53:39 X systemd[1]: autoprotect.service failed.

Preventing deletion of confidential files

I need a solution

Hi,

Is there any way to prevent users from deleting confidential files? For example, terminated staff should not delete files while leaving the organization.


Problem with File Stream of Drive

I need a solution

We are currently blocking the transfer of information by USB, and there was a problem with File Stream of Drive because Drive creates a unit (G: for example) and when some user tries to pass information to that unit it is blocked by the DLP.

It is possible to create some exception for that unit.

I already tried to create an exception by ID but that unit does not generate any ID.

Thanks.


Windows XP Professional to VMDK

I need a solution

I read many other posts, and I have read and followed them, to either

1. convert .gho to .vmdk (ghost32 -clone,mode=restore,src=FILENAME.GHO,dst=FILENAME.vmdk -batch -sure). From GHOSTERR.TXT: Error Number: (36000)Message:A signal or windows exception occurred. It gets to 99% done and the Ghost GUI disappears; just disappears. But it does produce the GHOSTERR.TXT. The resulting vmdk was placed in VMware, but VMware complains the disk is bad.

2. create vmdk right from ghost32.  The GUI just crashes, the command line (Ghost32 –clone,mode=create,src=1,dst=myimage.vmdk  -vmdk -sure) returns "invalid switch vmdk"

I verified my GSS 2.5 is v11.5.1.2266. I created GBD via GSS 2.5.

I might buy GSS 3.2 JUST to get vmdk support, but that is not right. With GSS 2.5 I paid for a WORKING ghost32.exe. I should get one.

I would like advice on how to troubleshoot the existing GSS 2.5 Ghost32.exe (from GHOSTERR.TXT: Version 11.5.1.2266 (Dec 24 2009, Build=2266))


Issue in the proxySG

Server 2016 and GSS 3.2U5 PXEService.exe fault

I need a solution

Does Ghost not run on Server 2016 servers? I have a member server (2016) with the console installed fine. I have successfully installed the PXE components on a separate server (2016) that is running DHCP. The Altiris PXE Config Helper starts, but the MTFTP Server and PXE Server fail to start with a PXEService.exe application fault error. I obviously can't start the PXE config tool because the PXE servers have not checked into the GSS console.


SEPM Upgrade Questions

I need a solution

Hello All,

We are in the process of planning to upgrade our SEPM from 12.X to 14.X. I have consolidated most of the steps down into a checklist with links to the pages for how to do the steps outlined to help keep things organized.

I did have a couple of questions that I am still a bit confused on.

1.) Space requirements - Is there a certain rule when it comes to disk space? Should it be roughly double what the current usage is? Or does it not matter and ensure you have enough space for the install and files?

2.) Compatibility - All of our clients are currently using 12.X and I want to ensure that there will be backwards compatibility when we upgrade the server. So will the clients still be able to communicate with SEPM? We will upgrade the clients soon after but not all will get done immediately, obviously.

3.) Installation - To install, do you just take the install file from FileConnect and then run it on the server itself? Do I need to uninstall the old SEPM first?

4.) Policies - Should I export the policies so they can be imported into the new build? Or will they be pulled in when I build the new server?

I have been doing a lot of reading on the KB and still haven't found a solid answer to all of my questions. Hopefully some of you can help me out.


DLP RegEx Prefix/Suffix or Look Ahead/Look Behind

I need a solution

I've scoured our forum resources as well as the Symantec KBs and documentation. I understand that the following are recommended to improve regex/regular expression performance:

  • Look Ahead: (?=(?:[^-\w])|$)
  • Look Behind: (?<=(^|(?:[^)+\d][^-\w+]))) and (?<=(^|(?:[^)+\d][^-\w+])|\t))

Here are some of the KBs and forum posts I have seen:

In Symantec's own KB (TECH222152) above, they recommend using PCRE compatible regex syntax. However, as far as I know, DLP uses Java. What's going on here?

Also, the recommended Look Behind seems to always "error out" using any of the regex tools, such as regexr.com or regex101.com. I always get a "lookbehind has to be fixed width" or a "positive lookbehind not supported in this flavor of regex."

Anyone have insights?

Thanks!

Nick
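
The "lookbehind has to be fixed width" error from the post above can be reproduced offline. This is an added example, not part of the original post or of Symantec's documentation: it uses Python's `re` module, which requires fixed-width lookbehind, and shows an equivalent fixed-width rewrite of the two quoted Look Behind prefixes. The 9-digit core pattern, the sample strings and the names `FIXED`, `FIXED_TAB`, `compile_error` and `find_ids` are assumptions made for the illustration.

```python
import re

# Prefix and suffix patterns exactly as quoted in the post.
LOOK_AHEAD = r"(?=(?:[^-\w])|$)"
LOOK_BEHIND = r"(?<=(^|(?:[^)+\d][^-\w+])))"
LOOK_BEHIND_TAB = r"(?<=(^|(?:[^)+\d][^-\w+])|\t))"

# Fixed-width rewrites (added here): each alternative of the original
# lookbehind becomes its own assertion, so every lookbehind has one width.
# "^" is already zero-width and needs no lookbehind at all.
FIXED = r"(?:^|(?<=[^)+\d][^-\w+]))"
FIXED_TAB = r"(?:^|(?<=[^)+\d][^-\w+])|(?<=\t))"

# Constructed core pattern (assumption, not from the post): a 9-digit number.
CORE = r"\d{9}"


def compile_error(pattern):
    """Return the engine's error message, or None if the pattern compiles."""
    try:
        re.compile(pattern)
        return None
    except re.error as exc:
        return str(exc)


def find_ids(text, prefix=FIXED):
    """Return CORE matches where the prefix and suffix boundary checks hold."""
    return re.findall(prefix + CORE + LOOK_AHEAD, text)


# Constructed sample inputs, one per boundary rule.
SAMPLES = [
    "123456789",          # start and end of input
    "acct: 123456789.",   # ordinary separator before, punctuation after
    "ref-123456789",      # hyphen directly before: rejected by the prefix
    "(555) 123456789",    # ")" two characters before: rejected by the prefix
    "1234567890",         # part of a longer digit run: rejected
    "123456789-01",       # hyphen directly after: rejected by the suffix
    "1\t123456789",       # digit then tab: only the tab variant accepts it
]

if __name__ == "__main__":
    for name, pat in (("Look Behind", LOOK_BEHIND),
                      ("Look Behind (tab)", LOOK_BEHIND_TAB)):
        print(f"{name} as quoted: {compile_error(pat + CORE)}")
    for text in SAMPLES:
        print(repr(text), find_ids(text), find_ids(text, FIXED_TAB))
```

An engine that accepts alternatives of different lengths inside one lookbehind compiles the quoted prefixes unchanged; the rewrite is only needed where, as here, every lookbehind must have a single width.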


SEP There are multiple problems(2)

I need a solution

Hi,

I recently installed SEP 14 on Windows 10, however after rebooting there is a warning that says "product requires attention", and in the system tray the SEP icon has a yellow exclamation mark (which should be green) and a warning "There are multiple problems" is also displayed. When I open SEP, it is green and says "Your computer is protected. No problems detected". I am just wondering why this warning constantly appears. I already tried re-installing the product but the same problem occurs. Please help.


Scheduled Reports Bug

I need a solution

Hi All, we have two Scheduled Reports created by one of our admins. The two reports are using a filter, basically filtering Workstations and Servers into 2 reports. The filter is based on the clients Group location in SEPM.

What we have noticed is that when the reports are sent to the distribution list of admins (admins' email addresses listed in the send to field), the filter is not applying, in that all clients (Workstations and Servers) are appearing in the reports, so there is no separation of workstations and servers. We basically get 2 identical reports.

Also we have noticed that when anyone other than the admin that created the report the 2 reports filters shows as default, not the name of the filter that the creator of the report name the filter.

Has anyone else experienced this issue and have you found a solution or is it a known bug that Symantec need to resolve?

SEPM Version 14.0 RU1 MP1

TIA


proxySG sizing query

I need a solution

Hi Team,

 S500-10

What is the proxySG forwarding host limit in the proxy?

How to check current forwarding host count in the proxy?

900-10B Model

What’s the current traffic SSL interception throughput – Show me where I can find in the box

What’s the maximum SSL interception throughput this model can support – Give me the value

Thanks,

Ram.


P2P (Altiris 8.1 RU5) - HTTP error (HTTP status 404)

I need a solution

Hi,

The peer-to-peer downloading feature is an interesting new feature. I have it enabled since a couple of months ago and not seen any errors. However, now I wanted to test some need things where I would really like "to force" certain downloads to happen only in the local subnet.

Here the use case: Reinstalling a package server in a remote site and "prestaging" some of the large packages from another computer in the same network which has the package available.

I managed just fine for two packages but then the third package only started to download parts of the package and then stopped with an error:

Operation 'Direct: Get Block 0-10744' failed.
Protocol: HTTP
Host: IP-Address:56118
Path: /Altiris/AS/Pkg/e2307be18d070ef9e36f8568717d81b90a926fa2/cache/Applications/Conexant%20Audio%201%2C6%2C0%2C1/W10/HDAudioOEDrv/WoVartifacts/IntelKeywordDetectorAdapter/IntelKeywordDetectorAdapterProvider.not_dll
Connection Id: 6.3372
Communication profile Id: {11DF6FA9-FE84-470F-8390-0F6407576ABA}
Error type: HTTP error
Error code: HTTP status 404: The requested URL does not exist on the server or the server is down (0x8FA10194)
Error note: 404 Not Found

Has anyone seen similar errors with P2P and managed to fix this? Is there anywhere I can check the logs of the Altiris P2P "HTTP-Server"?

Stefan


Error while doing server time check. Aborting Sync Operation

I need a solution

I am trying to solve a VIP issue - LDAP error Server Time Check. I have verified that both LDAP and VIP gateway have the same time and are in the same timezone. Sync fails. (LDAPSyncService,text=[LDAPSyncMgr:startLDAPSync] <<WARNING>> Error while doing server time check. Aborting Sync Operation.,op=Synchronization") Please help.


Enabling Linux clients to download LiveUpdate content using the Apache web server as a reverse proxy

I need a solution

Hi

I am trying to set up the reverse proxy on our SEPM server. I am using the procedure described here: https://support.symantec.com/en_US/article.HOWTO85034.html

/luproxy is responding when opening http://localhost:8014/luproxy/masttri.zip in browser but I am getting response

The access log from E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\logs shows 503 which is not really good ;>

127.0.0.1 - - [05/Apr/2018:12:52:40 +0200] - "GET /luproxy/masttri.zip HTTP/1.1" 503 299
127.0.0.1 - - [05/Apr/2018:13:01:07 +0200] - "GET /luproxy/masttri.zip HTTP/1.1" 503 299
127.0.0.1 - - [05/Apr/2018:13:02:36 +0200] - "GET /luproxy/masttri.zip HTTP/1.1" 503 299
127.0.0.1 - - [05/Apr/2018:13:03:52 +0200] - "GET /luproxy/masttri.zip HTTP/1.1" 503 299
127.0.0.1 - - [05/Apr/2018:13:04:05 +0200] - "GET /luproxy/masttri.zip HTTP/1.1" 503 299
127.0.0.1 - - [05/Apr/2018:13:06:39 +0200] - "GET /luproxy/masttri.zip HTTP/1.1" 503 299
127.0.0.1 - - [05/Apr/2018:13:10:13 +0200] - "GET /luproxy/masttri.zip HTTP/1.1" 503 299
127.0.0.1 - - [05/Apr/2018:13:39:55 +0200] - "GET /luproxy/masttri.zip HTTP/1.1" 503 299

httpd.conf

[..]

Listen 8014

[..]

#AsyncSendFile anydirectory

AsyncSendFile givendirectory
ForceAsyncSendFile "E:/Program Files (x86)/Symantec/Symantec Endpoint Protection Manager/Inetpub/content"

[..]

# SEPM_APACHE_AS_PROXY_START Preserve this line to maintain configuration across SEPM upgrades
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule setenvif_module modules/mod_setenvif.so
     
<IfModule mod_proxy.c>
  <IfModule mod_cache.c>
    <IfModule mod_cache_disk.c>
      <IfModule mod_setenvif.c>
        SetEnvIf Request_URI "/luproxy/" dolog
        SetEnvIf Request_URI "/luproxy/.*_livetri.zip" no-cache
        CustomLog "|| bin/rotatelogs.exe logs/access-%Z.log 25M" common env=dolog
      </IfModule>
      ProxyPass /luproxy/ http://liveupdate.symantecliveupdate.com/ retry=0 smax=0 ttl=60
      CacheRoot "cache-root"
      # CacheRoot is a path defined relative to "E:/Program Files (x86)/Symantec/Symantec Endpoint Protection Manager/apache"

      CacheEnable disk /luproxy/
      CacheDirLevels 1
      CacheDirLength 5

      # directives to override any caching prohibitions in LiveUpdate content headers
      # see TECH230862
      CacheStoreNoStore On
      CacheIgnoreCacheControl On
      CacheStoreExpired On
      CacheIgnoreHeaders Cache-Control Pragma

      #allow downloads up to 1 GB
      CacheMaxFileSize 1000000000
    </IfModule>
  </IfModule> 
</IfModule>
# SEPM_APACHE_AS_PROXY_END Preserve this line to maintain configuration across SEPM upgrades

Our SEPM server has access to the public internet only through a proxy. SEPM is configured to use the proxy, but I am wondering if maybe a separate configuration is required for Apache?! E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\cache-root is still empty, and the account running the "Symantec Endpoint Protection Manager Webserver" service has full control on the folder.

Thanks
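
An added example, not part of the original post or of Symantec's HOWTO: mod_proxy answers 503 when it cannot connect to the ProxyPass backend, and it only forwards through another proxy when told to with its standard ProxyRemote directive. The fragment shows the posted ProxyPass line next to a variant that routes it through an upstream proxy; proxy.example.internal:3128 is a placeholder (an assumption) for the site's real outbound proxy.

```apache
# Added example (not Symantec's configuration).
# proxy.example.internal:3128 is a placeholder for the site's outbound proxy.

# Before (as posted): Apache tries to reach the LiveUpdate host directly,
# which fails on a server that has no direct route to the internet.
#   ProxyPass /luproxy/ http://liveupdate.symantecliveupdate.com/ retry=0 smax=0 ttl=60

# After: the same ProxyPass, plus ProxyRemote so that requests for this
# origin are handed to the upstream proxy instead of being sent directly.
<IfModule mod_proxy.c>
  ProxyPass   /luproxy/ http://liveupdate.symantecliveupdate.com/ retry=0 smax=0 ttl=60
  ProxyRemote http://liveupdate.symantecliveupdate.com/ http://proxy.example.internal:3128
</IfModule>
```

The ProxyRemote line belongs between the SEPM_APACHE_AS_PROXY_START and SEPM_APACHE_AS_PROXY_END markers next to the existing ProxyPass; after restarting the "Symantec Endpoint Protection Manager Webserver" service, a 200 in the access log and files appearing under cache-root confirm the path works.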


CVE-2018-0986 Coverage

I need a solution

On April 3, 2018 MS released an emergency update to address a critical security vulnerability in their "Microsoft Malware Protection Engine" that allows an attacker to execute remote code on a Windows device (see CVE-2018-0986 link below). My question is: does SEP provide coverage for attacks utilizing this attack vector?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-...


LUA: Change the storage location of default production storage center

I do not need a solution (just sharing information)

Hello all,

I've been having ongoing issues with LiveUpdate Administrator on our server. Downloads and Distributions will continually fail. It also appears that the Production Default Distribution Center is using space on the C drive that I would like to move. Is there any way that I can change where the clu-prod directory is located, without having to change the 5 servers that are communicating with LUA? We have specific firewall rules that allow them to come in on port 7070, so I would like to continue using that.

Thanks!


ProxySG | Please recommend about test get http from Proxy

I need a solution

Dear All,

I would like to try to access an https website from the Proxy with the command "test http get (website)".

When I test with an http website it is OK: I receive response http code 200, so the proxy can get the website.

When I test getting an https website, I receive response 302 redirect. I am not sure whether this response means the proxy can get the https website.

Please recommend how I can test getting an https website from the proxy appliance.

Thank you so much for your help.

Best Regards,

Chakuttha R.

Preventing Application from saving confidential file to USb storage

I need a solution

Hi,

How to prevent Word or Acrobat Reader from saving a confidential file to a USB disk? We are able to prevent it while copying the file from Explorer to USB, but when the file is open in the application and saved to the USB, it didn't prevent it. It is preventing while printing from Word/Acrobat Reader.
