LiveUpdate fails after upgrading Endpoint Protection for Linux 14.2 MP1

Article ID: 174852

Products

Endpoint Protection

Issue/Introduction

After you perform an in-place upgrade of 14.2 MP1 to 14.2 RU1, you find that Symantec Endpoint Protection (SEP) for Linux clients are unable to process definition updates.

The LUX log shows:

07:30:46.674852 [Session Results - START]
07:30:46.674960 Session Result Code: 0x00010000
07:30:46.675007 Session Result Message: OK
07:30:46.675060 [Component Result - START]
07:30:46.675102 Component ID: {9F634534-BAF4-444B-B823-F14C1C80A8FD}
07:30:46.675145 Display Name: Virus and Spyware Definitions for Linux
07:30:46.675188 PVL: SEPC Virus Definitions Linux 14.2_MicroDefsB.CurDefs_SymAllLanguages
07:30:46.675237 Result Code: 0x00010000
07:30:46.675279 Result Message: OK
07:30:46.675320 [Package Result - START]
07:30:46.675360 File: 1556711636jtun_sepflencful.m35
07:30:46.675406 Result Code: 0x80012000
07:30:46.675465 Result Message: UNKNOWN
07:30:46.675506 [Package Result - END]
07:30:46.675546 [Component Result - END]
07:30:46.675587 [Session Results - END]
07:30:46.675626 [Session Summary - START]
07:30:46.675666 Components: 1
07:30:46.675705 Packages: 1
07:30:46.675745 Success: 0
07:30:46.675803 Fail: 1
07:30:46.675844 [Session Summary - END]

Cause

Versions of SEP for Linux prior to 14.2 MP1 install RPM packages sav, savap(64) and savui. Starting with 14.2 MP1, sep, sepap(x64) and sepui RPM packages are installed instead.
When upgrading from a pre-14.2 MP1 version to 14.2 MP1 or later, install.sh does not perform an RPM upgrade. Instead, its UninstallDepRpm() function uninstalls the deprecated RPM packages and InstallRpm() installs the new ones. As part of the uninstall, the post-removal function postrm() is called, which deletes the avdefs group. The group is then recreated when the new RPM packages are installed.
However, if the upgrade is from 14.2 MP1 (which already uses the new package names) to a later version, then an issue in install.sh causes the avdefs group to be removed but not added back by the installation of the new RPM packages. The lack of the avdefs group causes the LiveUpdate process to fail.

Environment

  • SEP for Linux 14.2 RU1

Resolution

This will be fixed in 14.2_RU1_MP1. During the upgrade, the installer will add the avdefs group when it is not present, count the deprecated packages that are uninstalled as part of the upgrade, and remove the avdefs group only when at least one deprecated package is uninstalled.

In the meantime, you may work around this issue by either uninstalling SEP for Linux prior to the installation of 14.2 RU1, or by manually adding the avdefs group after its installation (using groupadd avdefs).
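
To confirm that a client is hitting this issue before applying the workaround, the following added example (not Symantec's code) reads a LUX log on standard input, lists packages whose result is not OK, and checks whether the avdefs group exists. The function names, the optional group-file argument, and treating 0x00010000 as the success code (inferred from the log excerpt above) are assumptions.

```shell
# Added example (not Symantec code): triage for the LiveUpdate failure above.
# Function names and the optional group-file argument are assumptions.

# Print "file code message" for each [Package Result] block on stdin whose
# Result Code differs from 0x00010000 (the code the quoted log pairs with OK).
lux_failed_packages() {
    awk '
        /\[Package Result - START\]/ { inpkg = 1; file = code = msg = ""; next }
        /\[Package Result - END\]/ {
            if (inpkg && code != "" && code != "0x00010000") print file, code, msg
            inpkg = 0; next
        }
        inpkg && / File: /           { file = $NF }
        inpkg && / Result Code: /    { code = $NF }
        inpkg && / Result Message: / { msg = $0; sub(/^.* Result Message: /, "", msg) }
    '
}

# Succeed if group $1 exists. With $2, read that group(5)-format file instead
# of the system database, so the check can run against a copy.
group_exists() {
    if [ -n "${2:-}" ]; then
        awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$2"
    else
        getent group "$1" >/dev/null
    fi
}

# LUX log on stdin, optional group file as $1.
# Returns 0: no failed packages; 1: failures but avdefs exists; 2: avdefs missing.
triage_liveupdate() {
    failed=$(lux_failed_packages)
    [ -z "$failed" ] && return 0
    printf '%s\n' "$failed" | sed 's/^/failed package: /'
    if group_exists avdefs "${1:-}"; then
        echo "avdefs group present; look for another cause"
        return 1
    fi
    echo "avdefs group missing; article workaround: groupadd avdefs"
    return 2
}

# Sample input: lines copied from the log excerpt in this article.
SAMPLE_LOG='07:30:46.675320 [Package Result - START]
07:30:46.675360 File: 1556711636jtun_sepflencful.m35
07:30:46.675406 Result Code: 0x80012000
07:30:46.675465 Result Message: UNKNOWN
07:30:46.675506 [Package Result - END]'
printf '%s\n' "$SAMPLE_LOG" | lux_failed_packages
```

On a client, pipe the LUX log into triage_liveupdate with no argument so the group lookup goes through getent and the system group database.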