Symantec Endpoint Protection for Linux Clients Malfunction After Updating via 'dnf' command

Article ID: 439507

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) for Linux clients malfunction after being updated via the 'dnf' command: services fail to start and kernel modules do not load.

Environment

SEP 14.3 RU9 +

Cause

This behavior occurs because updating the RPM packages directly via the 'dnf update' command bypasses critical environmental prerequisites and initialization sequences required by the Symantec agent.

While 'dnf' successfully replaces the RPM binaries, it does not trigger the necessary pre-installation hooks, system state validations, and service management tasks handled by the Symantec installation script.

When the update is performed strictly via 'dnf', the following occurs:

  • Service Misconfiguration: The agent defaults to legacy init.d scripts rather than correctly integrating with systemd, leading to sisamdagent failing with an exit-code.

  • Missing Dependencies: Critical initialization steps (like updating sdcss-scripts first) are not sequenced correctly.

  • Security Conflicts: If IPS prevention is active or SELinux is in enforcing mode without the script's temporary adjustments, the RPM installation may be corrupted or blocked from placing files in protected directories.

Resolution

To resolve this issue and prevent future malfunctions, customers must use the official Symantec installation script instead of native package manager commands for upgrades:
/usr/lib/symantec/installagent.sh

This is the intended design of the product; using the script ensures that all kernel modules (sisap, sisevt) and daemons are correctly initialized and registered with the OS.
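
The following health check is an added example, not part of the original article or Symantec's tooling. It looks for the symptoms described above: the sisamdagent unit in a failed state or running from a systemd-generated init.d wrapper, and the sisap or sisevt modules not loaded. The service and module names come from the article; the function names and the `--run` switch are hypothetical.

```shell
#!/bin/sh
# Post-update health check for the symptoms in this article (added example).
# Parsing functions read text on stdin so they can be exercised offline.

REQUIRED_MODULES="sisap sisevt"   # kernel modules named in the article

# stdin: /proc/modules content. stdout: required modules that are not loaded.
missing_modules() {
    loaded=$(awk '{print $1}')
    for m in $REQUIRED_MODULES; do
        printf '%s\n' "$loaded" | grep -qx "$m" || printf '%s\n' "$m"
    done
}

# stdin: `systemctl show -p ActiveState -p Result -p FragmentPath UNIT` output.
# stdout: one verdict. Units that systemd generates from init.d scripts have a
# FragmentPath under a "generator" directory, which marks the legacy fallback.
service_verdict() {
    awk -F= '
        $1 == "ActiveState"  { state = $2 }
        $1 == "Result"       { result = $2 }
        $1 == "FragmentPath" { frag = $2 }
        END {
            if (state == "failed")         print "failed:" result
            else if (frag ~ /\/generator/) print "sysv-wrapper"
            else if (state == "active")    print "ok"
            else                           print "inactive"
        }'
}

# Live check: returns non-zero if any symptom is present on this host.
check_host() {
    rc=0
    v=$(systemctl show -p ActiveState -p Result -p FragmentPath sisamdagent \
        | service_verdict)
    [ "$v" = ok ] || { echo "sisamdagent: $v"; rc=1; }
    for m in $(missing_modules < /proc/modules); do
        echo "kernel module not loaded: $m"; rc=1
    done
    [ "$rc" -eq 0 ] || echo "upgrade with the Symantec installation script, not dnf"
    return "$rc"
}

# Only touch the live system when explicitly asked (hypothetical switch).
if [ "${1:-}" = "--run" ]; then check_host; fi
```

A non-zero exit from `check_host` after a package update indicates the agent should be upgraded again through the installation script.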