search cancel

Hang or crash when installing Endpoint Protection 14.2 RU1 on Red Hat Enterprise Linux 7.6 or similar

book

Article ID: 174759

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You start the installation of Symantec Endpoint Protection (SEP) for Linux 14.2 RU1 (14.2.3332.1000) on a version 7.6 Red Hat-based Linux distribution with kernel 3.10.0-957.12.1.el7.x86_64 –a result of the April 23, 2019 Red Hat Security Advisory (RHSA) 2019:0818– or 3.10.0-957.12.2.el7.x86_64. 

After the core SEP package is succesfully installed, the system hangs or crashes when attempting to install the Auto-Protect kernel module. While it is possible to log in again after a reboot, the output of systemctl status autoprotect.service -l shows it is inactive (dead).

Red Hat-based Linux distributions include Red Hat Enterprise Linux (RHEL), the Community Enterprise Operating System (CentOS) and Oracle Linux (OL). The latter is only affected when using the Red Hat kernel instead of Oracle's default Unbreakable Enterprise Kernel (UEK).

[[email protected] sep-rpm_14.2.3332]# ./install.sh -i
Starting to install Symantec Endpoint Protection for Linux
Performing pre-check...
Warning:        X11 libraries are missing, GUI component will not be installed!
Pre-check succeeded
Begin installing virus protection component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:sep-14.2.3332-1000               ################################# [100%]
Virus protection component installed successfully
Begin installing Auto-Protect component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:sepap-x64-14.2.3332-1000         ################################# [100%]

Environment

  • RHEL, CentOS or OL 7.6
  • SEP for Linux 14.2 RU1

Resolution

This issue is fixed in Symantec Endpoint Protection 14.2.2.0 (RU2)  For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.

This issue appears to have been resolved in RHEL 7.6 with the release of kernel 3.10.0-957.21.2.el7.x86_64.

The 12.2 kernel update is available for CentOS 7.6 but does not resolve the symptoms.

You may work around this by pre-compiling the SEP autoprotect modules per instructions in How to manually install Endpoint Protection for Linux.

With SEP 14.2 RU1 for Linux successfully installed you would also need to pre-compile those modules before rebooting to a different kernel otherwise the system may crash or hang again when loading autoprotect. For example, if updating kernel from 3.10.0-957.12.1 to 3.10.0-957.12.2 then install new kernel, kernel-devel, and kernel-headers and before rebooting run:

cd /path/to/expanded/sep-rpm/src/ap-kernelmodule/
sudo ./build.sh --kernel-rel 3.10.0-957.12.2.el7.x86_64