Symantec has discovered two related defects in the SCSP agent software for UNIX and Linux systems:
Affected Operating systems: All UNIX and Linux
Affected Symantec Critical System Protection versions: All 5.2.x (5.2 RUx). This issue is fixed in 5.2 RU9 MP1.
Conditions for high memory usage to occur (All conditions below must exist)
Conditions for missing IDS file watch events: (All conditions below must exist)
In the immediate term, if you are impacted, Symantec recommends that you evaluate your File Watch policies to see if it is possible to modify them according to the following information.
To address the issue where excess files are monitored:
To address the issue where some files are not being monitored:
NOTE: The fix for both issues is included in the 5.2 RU9 MP1 release. If a full upgrade is not possible, the SCSP 5.2.8 MP4 HF1 hotfix can be found here:
Who Is Not Impacted
Who is Impacted