After following the instructions in the article How to install Symantec AntiVirus for Linux on Ubuntu, Auto-Protect is not enabled.
Some kernels are supported by the install packages supplied with Symantec AntiVirus for Linux (SAVFL), and Auto-Protect will function immediately. Some are not and require an extra, manual step. (See System requirements for Symantec AntiVirus for Linux 1.0 for details on kernels currently supported.) As of SAVFL version 1.0.8, it is possible to compile and install Auto-Protect kernel modules for Linux versions that are not otherwise supported by Symantec.
For details, consult the README that comes in the source tarball (e.g. ap-kernelmodule-1.0.10-26.tar.gz) for Auto-Protect.
The steps for Ubuntu can be summarized as follows:
Run build.sh as follows from a terminal window, where /path/to/expanded/folder is where build.sh is located, i.e. /home/user/Desktop/ap-kernelmodule-1.0.10-26:
sudo ./build.sh --kernel-dir /lib/modules/$(uname -r)/build
A message will be displayed indicating that the build was successful.
Auto-Protect should function normally after this operation is complete. Downloading an eicar test file will trigger a detection.
If the if-then statement is not modified as described, you may get an error similar to the following when running build.sh (Ubuntu 8.04 -- Hardy):
CFLAGS was changed in "/home/admin/Desktop/sav-linux-1.0.8-17/ap-kernelmodule-1.0.8-17/symev/Makefile". Fix it to use EXTRA_CFLAGS.