search cancel

SISEVT and SISAP are not loaded but the daemon status are showing as running

book

Article ID: 239014

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

SISEVT and SISAP are not loaded but the daemon status on the clients are showing as running.

Cause

SEP/SES doesn't support debug kernels.

agent_install

**************

Error 2 running: ls -1d /opt/Symantec/sdcssagent/IPS/rpc/* Starting installation of kmod package version: 10.0.2.1246 Using response file /etc/sisips/sdcss-agent.response #--- Start kmod package post installation <pid=8249> ------- install_kmod.. querying previous driver versions install_kmod.. running driver setup driver_version: Unable to identify driver file for "sisevt" Pre-install KMOD version file missing, could not update correct KMOD release in sis-version.properties

SISEVT_INIT:

********** selinux_label_driver: using default value for selinux file selinux relabeling /etc/symantec/sis/driver ... Symlink from /etc/symantec/sis/driver/3.10.0-1160.el7/sisevt-x86_64-debug.ko.xz to /lib/modules/3.10.0-1160.42.2.el7.x86_64.debug/kernel/drivers/sisevt.ko.xz driver_version: Unable to identify driver file for "sisevt" driver_version: Unable to identify driver file for "sisevt"

SISAP_INIT:

********* selinux relabeling /etc/symantec/sis/driver ... Symlink from /etc/symantec/sis/driver/3.10.0-1160.el7/sisap-x86_64-debug.ko.xz to /lib/modules/3.10.0-1160.42.2.el7.x86_64.debug/kernel/drivers/sisap.ko.xz Cannot find driver file 3.10.0-1160.el7/sisap-x86_64-debug.ko.xz Cannot find driver file 3.10.0-1160.el7/sisap-x86_64-debug.ko.xz Cannot find driver file 3.10.0-1160.el7/sisap-x86_64-debug.ko.xz driver_version: Unable to identify driver file for "sisap" driver_version: Unable to identify driver file for "sisap" driver_version: Unable to identify driver file for "sisap"

Environment

14.3 RU1 and later 

Resolution

To work around this issue: 

  1. Check the kernel if it is a debug or a non-debug kernel If it is a debug kernel,
  2. End user needs to switch to non-debug kernel

    The following command will help to check if it is a Debug or non-debug kernel uname -a cat /etc/release
    (For example :3.10.0-1160.21.1.el7.x86_64.debug #1 SMP Mon Feb 22 18:10:08 EST 2021 x86_64 x86_64 x86_64 GNU/Linux)

  3. If it is a non-debug kernel , please check if secure boot is enabled or disabled , the secure boot must be in disabled state

Symantec is aware and is investigating this issue.  This KB document will be updated when a fix is released.

Additional Information

SEP/SES doesn't support debug kernels.