SEP for Linux (Symantec Endpoint Protection) Auto-Protect kernel modules fail to load or compile on Debian GNU/Linux 8
When running install.sh:
Build Auto-Protect kernel modules from source code failed with error: 1
entries from /var/log/syslog:
autoprotect: Starting AP: symev: unable to load kernel support module (UNSUPPORTED-OS--UNK-UNK-3.16.0-4-amd64-)
symev: unable to load kernel support module (UNSUPPORTED-OS--UNK-UNK-3.16.0-4-amd64-)
sepfl-kbuild.log (for example):
ln: failed to create symbolic link ‘/lib/modules/3.16.0-4-amd64/build/include/linux/version.h’: No such file or directory
Could not detect the file /lib/modules/3.16.0-4-amd64/build/include/linux/version.h.
Fri Jan 20 11:19:50 PST 2017: Build failed
Atempting to work around version.h error above by creating a symlink allows build to proceed further, but still fails:
error: incompatible types when assigning to type ‘unsigned int’ from type ‘atomic_t’
evp->file_mmap_writable = SYM_I_MMAP_WRITABLE(dentry->d_inode->i_data.i_mmap_writable);
After patching to kernel 3.16.0-6-amd64 on SEP14 RU1 MP1, auto protect no longer initializes after re-compiling with the following error:
could not insert module /opt/Symantec/autoprotect/symev-custom-3.16.0-6-amd64-x86_64.ko: *Module has wrong symbol version*
SEP 12.1.x for Linux is not currently compatible with Debian versions newer than 6.0.5 "Squeeze".
SEP 14 for Linux is compatible, however. See: Supported Linux kernels for Endpoint Protection 14
Linux kernel 3.16.0-6-amd64 on SEP14 RU1 MP1 Doesn't have a Autocompile available yet
Upgrade to SEP 14.
Symantec is otherwise investigating the possibility of including modern Debian compatibility in the next release of SEP 12.1 for Linux.
Manual Compile for kernel 3.16.0-6-amd64 on SEP14 RU1 MP1