After installing the Dark Network SEP Linux client on your endpoint, the status shows the sisevt and sisap modules as unsupported for the kernel version, even though the kernel version is supported by the Symantec Linux Agent.
Daemon status:
cafagent running
sisamdagent running
sisidsagent running
sisipsagent running
Module status:
sisevt not loaded (kernel not supported)
sisap not loaded (kernel not supported)
Red Hat Enterprise Linux 8.
Dark Network Client.
14.3 RU6.
When checking the sisap and sisevt logs, you can see the following:
06/28/23 11:26:37: SecureBoot state: SecureBoot enabled
06/28/23 11:26:37: MOK key enrollment status: /usr/lib/symantec/sdcssagent/driver/sis-key.der is already enrolled
06/28/23 11:27:07: sisap module unsupported for kernel version 4.18.0-477.13.1.el8_8.x86_64.
Check if you have old KMOD packages in your local repository.
Within the GetAgentInfo logs, check the sisap and sisevt_kernels.txt log for a matching kernel version.
Example:
4.18.0-425.3.1.el8:4.18.0-425.3.1.el8 # RHEL 8.7
4.18.0-425.*el8:4.18.0-425.10.1.el8_7 # RHEL 8.7 patch1
# OEL8 UEK kernels
5.4.17-2011.*el8uek:5.4.17-2011.0.7.el8uek #OEL8 UEK R6
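The check above can be scripted; the following is an added example, not part of the original article or of the Symantec agent. It assumes each entry has the form `pattern:built-for-kernel # comment` and that the pattern is a regular expression matched from the start of the kernel release; the agent's own matching rules are not stated here, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find the kernels-list entry that covers a kernel release.
# Assumption: entries are "<pattern>:<kernel the module was built for> # comment"
# and <pattern> is a regex anchored at the start of the release string.

# find_kmod_entry <kernel-release>   (entries are read from stdin)
# Prints "<pattern> -> <built-for kernel>" for the first matching entry.
# The body runs in a subshell, so "exit" only sets the function's status:
# 0 when an entry matches, 1 when none does.
find_kmod_entry() (
    release=$1
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip the trailing comment, then all whitespace.
        entry=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        case $entry in
            *:*) ;;           # looks like an entry
            *) continue ;;    # blank, comment-only or malformed line
        esac
        pattern=${entry%%:*}
        built_for=${entry#*:}
        [ -n "$pattern" ] || continue
        if printf '%s\n' "$release" | grep -Eq -- "^(${pattern})"; then
            printf '%s -> %s\n' "$pattern" "$built_for"
            exit 0
        fi
    done
    exit 1
)

# Constructed sample, built from the entries shown in this article.
sample_kernels() {
    cat <<'EOF'
4.18.0-425.3.1.el8:4.18.0-425.3.1.el8 # RHEL 8.7
4.18.0-425.*el8:4.18.0-425.10.1.el8_7 # RHEL 8.7 patch1
# OEL8 UEK kernels
5.4.17-2011.*el8uek:5.4.17-2011.0.7.el8uek #OEL8 UEK R6
EOF
}

# Demo: the kernel release from the log excerpt, checked against the sample.
demo_release='4.18.0-477.13.1.el8_8.x86_64'
sample_kernels | find_kmod_entry "$demo_release" \
    || echo "no entry covers $demo_release"
```

To check an endpoint, redirect the kernels file from the GetAgentInfo logs into `find_kmod_entry "$(uname -r)"`.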
To update kernel modules in a restricted environment with no Internet connection, follow the steps below.
Method 1:
1. Manually transfer the latest KMOD package to a system that has no Internet connection, attach the KMOD package to the LinuxInstaller, and then run the LinuxInstaller.
a. On a system that has Internet connection, download the KMOD package.
i. ./LinuxInstaller -d
b. Manually copy and paste the KMOD package to the agent that you want to upgrade.
c. List the attached packages.
i. ./LinuxInstaller -l
d. Attach the new KMOD package to the LinuxInstaller.
i. tar czf - [KMOD-package-name] >> LinuxInstaller
e. Make sure that the new KMOD package is included in the list of attached packages.
i. ./LinuxInstaller -l
f. Run the installer to update the kernel modules.
i. ./LinuxInstaller -- --update-kmod
Method 2:
2. Set up a local repository and edit the repository settings so that the agent uses the local repository instead of the default Symantec repository.
a. Set up the local repository that hosts the KMOD packages.
i. For information about how to create a local repository, refer to documentation of the respective Linux distribution that you are using.
b. On the client computer, run the following command to redirect it to use the local repo:
i. ./LinuxInstaller --local-repo <localrepo_url>
ii. Example of the URL: --local-repo 'http://<repo_ip_or_hostname>:<port_optional>/sep_linux'
c. To update the KMOD, run:
i. ./LinuxInstaller -- --update-kmod
More information can be found here: https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Installing-the-Symantec-Agent-and-enrolling-devices/Updating-kernel-modules-for-the-Symantec-Endpoint-Protection-Linux-client.html