Modules are not loaded after upgrading Endpoint protection Linux agent

Article ID: 397145

Updated On:

Products

Endpoint Protection

Issue/Introduction

  • Error observed:
Daemon status:
  cafagent             running
  sisamdagent          running
  sisidsagent          running
  sisipsagent          running

Module status:
  sisevt               not loaded
  sisap                not loaded
  • From the logs:
04/08/25 15:32:26: chk_extract_file.. sisevt-x86_64-default.ko
04/08/25 15:32:26: Symlink from  /etc/symantec/sis/driver/5.15.0-306.177.4.el8uek/sisevt-x86_64-default.ko to  /lib/modules/5.15.0-306.177.4.1.el8uek.x86_64/kernel/drivers/sisevt.ko
04/08/25 15:32:26: Loading sisevt module. 
** running: insmod sisevt.ko  
insmod: ERROR: could not insert module /etc/symantec/sis/driver/5.15.0-306.177.4.el8uek/sisevt-x86_64-default.ko: Operation not permitted
04/08/25 15:32:30: sisevt.init: error loading Symantec Agent for Linux EVT driver
  • Fresh installation of Symantec Endpoint Protection (SEP) 14.3 RU8/9 also shows the same issue
  • The issue persists even after configuring kernel.kptr_restrict=0

Reference: SISEVT and SISAP Module status is not loaded
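
A triage check for the symptom shown above, as an added example that is not part of the original article or the vendor's tooling: it parses the status output and the log lines quoted here and reports whether a host shows the same signature (daemons running, a module not loaded, insmod failing with "Operation not permitted"). The function names are hypothetical, and a match identifies the symptom only, not its cause.

```python
import re

# Sample input: status output and log lines quoted from the article above.
STATUS = """\
Daemon status:
  cafagent             running
  sisamdagent          running
  sisidsagent          running
  sisipsagent          running

Module status:
  sisevt               not loaded
  sisap                not loaded
"""
LOG = """\
04/08/25 15:32:26: Loading sisevt module.
** running: insmod sisevt.ko
insmod: ERROR: could not insert module /etc/symantec/sis/driver/5.15.0-306.177.4.el8uek/sisevt-x86_64-default.ko: Operation not permitted
04/08/25 15:32:30: sisevt.init: error loading Symantec Agent for Linux EVT driver
"""

# Captures the module path and the error text that insmod printed.
INSMOD_ERR = re.compile(r"^insmod: ERROR: could not insert module (\S+): (.+?)\s*$", re.M)

def parse_status(text):
    """Return {'daemon': {name: state}, 'module': {name: state}}."""
    sections, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower().endswith("status:"):
            current = sections.setdefault(stripped.split()[0].lower(), {})
        elif current is not None and stripped:
            parts = stripped.split(None, 1)
            if len(parts) == 2:
                current[parts[0]] = parts[1].strip()
    return sections

def insmod_failures(log):
    """Return [(module_path, reason)] for every failed insmod in the log."""
    return INSMOD_ERR.findall(log)

def matches_article(status_text, log_text):
    """True when daemons run, a module is not loaded and insmod was refused."""
    st = parse_status(status_text)
    daemons_ok = all(s == "running" for s in st.get("daemon", {}).values())
    unloaded = [m for m, s in st.get("module", {}).items() if s == "not loaded"]
    refused = any(r == "Operation not permitted" for _, r in insmod_failures(log_text))
    return bool(st.get("daemon")) and daemons_ok and bool(unloaded) and refused
```
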

Cause

SEP Linux and Falcon conflict on newer Linux kernels, because the sisevt module starts using an ftrace hook due to a kernel structure change.

Resolution

This issue is under investigation, and this article will be updated when it is fixed.

Workaround: Remove the Falcon agent; the SEP module should then load.