search cancel

Endpoint Security Linux agent sisamddaemon service is stopped after a definitions update.

book

Article ID: 202815

calendar_today

Updated On:

Products

Endpoint Security Endpoint Security Complete Endpoint Security for Servers

Issue/Introduction

After a successful Live Update process the sisamddaemon service is stopped.

Environment

Release : Symantec Endpoint Security

Component : Linux agent

Cause

sisamd_0.log

<Date/Time>: <info> [NotifyAction::NotifyAntiMalwareCollector]:382 MERR...Antimalware service restart triggered by Live Update

...

<Date/Time>: <info> [AMDAgent::run]:630 Trying to stop AV engine
<Date/Time>: <info> [AMDAgent::run]:634 AV Engine shutdown successful
<Date/Time>: <info> [AMDMain::RunAgent]:314 Shutdown of sisamddaemon completed. Exit Status 69

There is no indication in client logging or system message logs that show an attempt to restart the service.

The issue is related to the RHEL6 init service script for the AMD daemon not getting redirected to use the upstart subsystem properly. Because of this the service was is not able to start after the LU triggered a service restart.

Resolution

This is fixed in 14.3 RU1.  Please make sure to upgrade to the latest client.  To work around this issue, run  `service sisamdagent start` on RHEL6 systems.