When attempting to install Symantec Endpoint Protection for Linux (SEPFL) on a machine using a supported kernel and operating system, you see the following error, "Kernel release not specified" when Auto-Protect is compiled.

Reviewing logs you find the following, located at /root.

sepfl-install.log: 

Starting autoprotect (via systemctl):  Job for autoprotect.service failed because the control process exited with error code. See "systemctl status autoprotect.service" and "journalctl -xe" for details.

[FAILED]

Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code

Auto-Protect source code package does not exist

Starting symcfgd (via systemctl):  [  OK  ]

symcfgd is started successfully.

Starting rtvscand (via systemctl):  [  OK  ]

rtvscand is started successfully.

Succeed to enable ap

AP status: Malfunctioning

sepfl-kbuild.log: 

starting to build kernel modules of SEP for Linux

Kernel release not specified. Build kernel modules for current kernel version 4.1.12-112.14.11.el7uek.x86_64

/lib/modules/4.1.12-112.14.11.el7uek.x86_64/build does not exist

Build failed

/usr/src/kernels points to a different kernel version then reported by the operating system or is blank.

Commonly this is because a system reboot is required for the new kernel version to update correctly and point /usr/src/kernels to the proper kernel version. During install the SEPFL install script looks to the kernel version located at the /usr/src/kernels directory. If the directory is blank and/or does not match the output from the uname -r command, this could be a likely cause for this issue.