Symantec Endpoint Protection cafservicemain process produces SIGABRT core dump at service startup if FIPS mode is enabled

book

Article ID: 210124

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection cafservicemain process produces SIGABRT core dump at service startup if FIPS mode is enabled.

You may see the following information in the system logs:

Jan 19 10:29:37 rhel-8.local.test systemd[1]: cafdaemon.service: Main process exited, code=killed, status=6/ABRT
Jan 19 10:29:37 rhel-8.local.test systemd[1]: cafdaemon.service: Failed with result 'signal'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit cafdaemon.service has entered the 'failed' state with result 'signal'.
Jan 19 10:29:38 akm-rhel-8.akm.test systemd-coredump[1100544]: Process 694709 (cafservicemain) of user 1001 dumped core.

Cause

This issue is caused by an algorithm used by Symantec Endpoint Protection that is not compatible with FIPS mode.

Environment

This issue affects Red Hat Enterprise Linux  systems running with FIPS mode enabled.

This issue affects Symantec Endpoint Protection 14.3 RU1 and newer clients.

Resolution

Symantec Endpoint Protection 14.3 RU1 and newer is incompatible with Red Hat's FIPS mode must be disabled for Symantec Endpoint Protection to function.