Sisevt and sisap modules are not loading due to unsupported kernel version after offline client package installation.
search cancel

Sisevt and sisap modules are not loading due to unsupported kernel version after offline client package installation.


Article ID: 269099


Updated On:


Endpoint Protection


After installing the Dark Network SEP Linux client on your endpoint, the status shows that the Sisevt and Sisap modules are unsupported for kernel version despite having supported kernel version of Symantec Linux Agent.

Daemon status:
  cafagent             running
  sisamdagent          running
  sisidsagent          running
  sisipsagent          running

Module status:
  sisevt               not loaded (kernel not supported)
  sisap                not loaded (kernel not supported)


Red Hat Enterprise Linux 8.

Dark Network Client.

14.3 RU6.


When checking the sisap and sisevt logs you can see the following:

06/28/23 11:26:37: SecureBoot state: SecureBoot enabled
06/28/23 11:26:37: MOK key enrollment status: /usr/lib/symantec/sdcssagent/driver/sis-key.der is already enrolled
06/28/23 11:27:07: sisap module unsupported for kernel version 4.18.0-477.13.1.el8_8.x86_64.

Check if you have old KMOD packages in your local repository.

Within the GetAgentInfo Logs check the sisap and sisevt_kernels.txt log for a matching kernel version.

4.18.0-425.3.1.el8:4.18.0-425.3.1.el8   # RHEL 8.7
4.18.0-425.*el8:4.18.0-425.10.1.el8_7   # RHEL 8.7 patch1
# OEL8 UEK kernels
5.4.17-2011.*el8uek:5.4.17-2011.0.7.el8uek    #OEL8 UEK R6


To update kernel modules in a restricted environment with no Internet connection follow these steps below.

Method 1: 

1. Manually transfer the latest KMOD package to a system that has no Internet connection, attach the KMOD package to the LinuxInstaller, and then run the LinuxInstaller.
    a.    On a system that has Internet connection, download the KMOD package. 
      i.    ./LinuxInstaller -d
    b.    Manually copy and paste the KMOD package to the agent that you want to upgrade.
    c.    List the attached packages. 
      i.    ./LinuxInstaller -l
    d.    Attach the new KMOD package to the LinuxInstaller. 
      i.    tar czf - [KMOD-package-name] >> LinuxInstaller
    e.    Make sure that the new KMOD package is included in the list of attached packages. 
      i.    ./LinuxInstaller -l
    f.    Run the installer to update the kernel modules. 
      i.    ./LinuxInstaller -- --update-kmod

Method 2:

2. Set up a local repository and edit the repository settings so that the agent uses the local repository instead of the default Symantec repository.
   a.    Set up the local repository that hosts the KMOD packages. 
     i.    For information about how to create a local repository, refer to documentation of the respective Linux distribution that you are using.
   b.    On the client computer, run the following command to redirect it to use the local repo: 
     i.    ./LinuxInstaller --local-repo <localrepo_url>
    ii.    Example of the URL: --local-repo 'http://<repo_ip_or_hostname:<port_optional>/sep_linux'
  c.    To update the KMOD, run: 
    i.    ./LinuxInstaller -- --update-kmod

More information can be found here:

Additional Information

Supported kernels of Symantec Linux Agent