Can not start Auto-Portect on Symantec Endpoint Protection Client for Linux

book

Article ID: 211641

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When Symantec Endpoint Protection Client for Linux(A.K.A. SEPFL) is installed on my Linux system, it failed to load Auto-Protect module.
following error occurred in service status:

# systemctl status autoprotect

‚óŹ autoprotect.service - LSB: Symantec AutoProtect Modules
   Loaded: loaded (/etc/rc.d/init.d/autoprotect; generated)
   Active: failed (Result: exit-code) since DateTime information
     Docs: man:systemd-sysv-generator(8)
  Process: PID ExecStart=/etc/rc.d/init.d/autoprotect start (code=exited, status=1/FAILURE)

  Datetime Host systemd[1]: Starting LSB: Symantec AutoProtect Modules...
  Datetime Host autoprotect[28726]: CONFIG_RETPOLINE=y
  Datetime Host autoprotect[28726]: Starting AP: insmod: ERROR: could not insert module /opt/Symantec/autoprotect/symev-custom-4.18.0-80.el8-x86_64>
  Datetime Host autoprotect[28726]: <11>Jun 22 18:11:44 symev: unable to load kernel support module (UNSUPPORTED-OS-ct-UNK-UNK-4.18.0-80.el8-)
  Datetime Host systemd[1]: autoprotect.service: Control process exited, code=exited status=1
  Datetime Host systemd[1]: autoprotect.service: Failed with result 'exit-code'.
  Datetime Host systemd[1]: Failed to start LSB: Symantec AutoProtect Modules.

Cause

SEP is not compatible with SecureBoot.
SecureBoot blocks load our Auto-Protect kernel module.

Environment

Release : 14.3 MP1  or previous 

Component : Symantec Endpoint Protection client For Linux 

Resolution

Please disable SecureBoot on OS side

Additional Information

If SEPFL version is 14.3 RU1 or later, you may be able to see following status in checking status.

Module status:
  sisevt               not loaded
  sisap               not loaded