Symantec Endpoint Protection (SEP) LiveUpdate fails to update definitions when installed on a Linux system that uses an XFS file system that contains 64-bit inodes.
Defutils logging (disabled by default) shows an issue with applying definitions, similar to the following:
0xffe54150 CDefUtil::RestoreDirPermissions() - going to assign the avdefs group and 0660 permissions to contents of /opt/Symantec/virusdefs/binhub 0xffe54150 CDefUtil::PostMicroDefUpdateInternal() - ApplyPatch (PatchDir: /opt/Symantec/virusdefs/tmp34391415, SrcDir: /opt/Symantec/virusdefs/binhub, DestDir: /opt/Symantec/virusdefs/tmp4e34ed93) failure
When you run
./sav liveupdate -u, the client may also report that LiveUpdate is not installed if the file system hosting the file /opt/Symantec/LiveUpdate/jlu.jar utilizes a 64-bit inode value (an inode value above 4294967296).
The output of the command
mount shows something similar to 'type xfs (...,inode64,...)' next to any XFS file systems that contain inode64 attributes.
Symantec Endpoint Protection 12.1.x and Symantec Endpoint Protection 14.0.x do not currently support XFS file systems that contain inode64 attributes.
Support for inode64 is added with Symantec Endpoint Protection 14.2 MP1. See Related Articles.
Otherwise, reinstall Symantec Endpoint Protection on a file system that only uses 32-bit inode values.
Note: Linux file systems are often divided into multiple volumes mounted in seperate folders. Using 32-bit inode values only within /opt/Symantec/ is NOT sufficient. Symantec Endpoint Protection also requires 32-bit inode values for any other system folders and volume(s) that Symantec Endpoint Protection is expected to operate on.