Beginning with Symantec Endpoint Protection Client for Linux 14.3 RU3, supported Linux versions can be configured to send Network events to Symantec Endpoint Detection and Response (EDR).
Red Hat Enterprise Linux (RHEL) versions 8.7 and 9.1 are not properly sending EDR network events.
There may be some events at the start of a session, but soon after, no events will be sent from the client.
Broadcom Engineering has completed its investigation on the open source code for RHEL 9.1 and RHEL 8.7 and determined that a code defect in these distributions has caused the unwanted behavior. The impacted versions are
4.18.0-425.x (RHEL 8.7)
5.14.0-162.x (RHEL 9.1 and Rocky9U1)
There can be initial events sent from these kernel versions.
Broadcom recommends not to use the affected versions if reliable network events are desired. No other work has been undertaken for other potential issues, the effect of the third-party defect is only detailed with regard to EDR network events. There are no known workarounds or fixes.
Affected versions as of date of publishing:
|Distro||EDR Network Events||Notes|
|RHEL 9.1||Impacted||Latest version|
|RHEL 9.0 (and below)||Not impacted|
|RHEL 8.7||Impacted||Latest version|
|RHEL 8.6 (and below)||Not impacted|
|RHEL 7 (all versions)||Not impacted|
|RHEL 6 (all versions)||Not impacted|
|Ubuntu 22.04||Not impacted|
|Ubuntu 20.04||Not impacted|
|Ubuntu 18.04||Not impacted|
|Ubuntu 16.04||Not impacted|
|Amazon Linux 2||Not impacted|
|SLES 15||Not impacted|
|SLES 12||Not impacted|
|Oracle Linux 8||Not impacted|
|Oracle Linux 7||Not impacted|
|Oracle Linux 6||Not impacted|
This list may not be fully inclusive of every affected kernel and may be updated in the future.