SISEVT and SISAP Module status is not loaded
search cancel

SISEVT and SISAP Module status is not loaded


Article ID: 268882


Updated On:


Endpoint Security Complete


You install the current Linux client and it says:

Agent installed successfully

Starting Agent..

Symantec Agent for Linux

Symantec Endpoint Protection (SEPM) <version>

Daemon status:

  cafagent             running

  sisamdagent          running

  sisidsagent          running

  sisipsagent          running

Module status:

  sisevt               not loaded

  sisap                not loaded

Error: suse kernel version <version>-default (<version>-default) is not supported

According to Supported kernels of Symantec Linux Agent ( the kernel should be supported.


Another potential indication of this issue seen in RHEL OS with Secure boot enabled, and both Modules are enrolled properly is below error message inside sisap_init logs:

insmod: ERROR: could not insert module /etc/symantec/sis/driver/<kernel version>/sisap-x86_64-default.ko.xz: Unknown symbol in module


kernel.kptr_restrict of 2 restricts exposed kernel pointer addresses access and prevents sisevt and sisap from loading properly.


Run: sudo sysctl kernel.kptr_restrict

If kernel.kptr_restrict is 2 ** Perform below steps

sudo vim /etc/sysctl.conf

Press insert and add one of the below entries

For no restriction:

For STIG rule ID SV-234861r622137_rule:

Save (Esc - wq!) 
Run Command 
sysctl -p /etc/sysctl.conf

Reboot the machine after above steps and run /usr/lib/symantec/ to check modules are running or not.