search cancel

SEP Linux agent fails to upload the some detection events to the SEPM

book

Article ID: 255277

calendar_today

Updated On:

Products

Endpoint Security Endpoint Protection

Issue/Introduction

In an environment using the Linux agent included in Symantec Endpoint Protection (SEP) 14.3 RU1 or later, a virus is detected, but the record isn't sometimes uploaded to Symantec Endpoint Protection Manager (SEPM). So the the risk log cannot be confirmed on SEPM console. Also, although the log of the start of the scheduled scan is recorded, the log at the time of completion is not uploaded, so it seems that the scan is continuing and the next scheduled scan started.

I would like to know the reason why the log cannot be checked normally on the SEPM console.

Environment

Release : 14.3 RU1 or later

Resolution

When the Linux agent sends risk logs, it attempts to send them to the SEPM with the connection information registered in the Sylink.xml file created according to the settings in the management server list assigned to the group the agent belongs to.

If due to any reason, risk log upload fails, we do not retry to upload the logs which failed to upload previously. 
Therefore, if the connection destination selected after risk detection cannot communicate, the log will be missing.

This issue occurs only with the logs contained in AVMan.log.

Additional Information

CRE-10789
CRE-11666