SISEVT and SISAP are not loaded but the daemon status are showing as running
search cancel

SISEVT and SISAP are not loaded but the daemon status are showing as running

book

Article ID: 239014

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

SISEVT and SISAP are not loaded but the daemon status on the clients are showing as running.

Error: sisevt.init: error loading Symantec Agent for Linux EVT driver
Error: sisap.init: error loading Symantec Agent for Linux AP driver

Environment

14.3 RU1 and later 

Cause

SEP/SES doesn't support debug kernels.

agent_install.log:

Error 2 running: ls -1d /opt/Symantec/sdcssagent/IPS/rpc/* Starting installation of kmod package version: 10.0.2.1246 Using response file /etc/sisips/sdcss-agent.response #--- Start kmod package post installation <pid=8249> ------- install_kmod.. querying previous driver versions install_kmod.. running driver setup driver_version: Unable to identify driver file for "sisevt" Pre-install KMOD version file missing, could not update correct KMOD release in sis-version.properties

SISEVT_INIT.log:

selinux_label_driver: using default value for selinux file selinux relabeling /etc/symantec/sis/driver ... Symlink from /etc/symantec/sis/driver/3.10.0-1160.el7/sisevt-x86_64-debug.ko.xz to /lib/modules/3.10.0-1160.42.2.el7.x86_64.debug/kernel/drivers/sisevt.ko.xz driver_version: Unable to identify driver file for "sisevt" driver_version: Unable to identify driver file for "sisevt"

SISAP_INIT.log:

selinux relabeling /etc/symantec/sis/driver ... Symlink from /etc/symantec/sis/driver/3.10.0-1160.el7/sisap-x86_64-debug.ko.xz to /lib/modules/3.10.0-1160.42.2.el7.x86_64.debug/kernel/drivers/sisap.ko.xz Cannot find driver file 3.10.0-1160.el7/sisap-x86_64-debug.ko.xz Cannot find driver file 3.10.0-1160.el7/sisap-x86_64-debug.ko.xz Cannot find driver file 3.10.0-1160.el7/sisap-x86_64-debug.ko.xz driver_version: Unable to identify driver file for "sisap" driver_version: Unable to identify driver file for "sisap" driver_version: Unable to identify driver file for "sisap"

Resolution

To work around this issue: 

  1. Check the kernel if it is a debug or a non-debug kernel If it is a debug kernel,
  2. End user needs to switch to non-debug kernel

    The following command will help to check if it is a Debug or non-debug kernel      
    uname -a cat /etc/release   (For example :3.10.0-1160.21.1.el7.x86_64.debug #1 SMP Mon Feb 22 18:10:08 EST 2021 x86_64 x86_64 x86_64 GNU/Linux)

  3. If it is a non-debug kernel , please check if secure boot is enabled or disabled , the secure boot must be in disabled state

Symantec is aware and is investigating this issue. This KB document will be updated when a fix is released.

Additional Information

SEP/SES doesn't support debug kernels.