I am trying to test Symantec Endpoint Protection Manager 12.1.6 installed on Windows with the protection client installed on a headless Linux machine.
I have generated the zip package from the SEPM and successfully extracted it and installed the client on Ubuntu. I can see in SEPM that the Linux machine is successfully connecting to the SEPM.
I have successfully connected to LiveUpdate and downloaded updates with
$ cd /opt/Symantec/symantec_antivirus/
$ sudo ./sav liveupdate -u
but when I try to load those updates in with
$ sudo ./sav definitions -u
I get the error that 'Scan engine is malfunctioning'.
I also see this error when I run
$ ./sav info -a
(If it helps track this down, if I run '$ sudo ./sav liveupdate -u' again I get the error again but with a typo 'Scan engine is malfunctionioning' (note the onion)).
Looking in /var/symantec/Logs/debug.log I also see the error:
-1300243648 ERROR smc.SmcIPCManager Could not contact savtray. err: -1
On reading the articles http://www.symantec.com/connect/articles/sav-linux... and https://support.symantec.com/en_US/article.TECH954... I thought perhaps I would need to compile my own version of Auto-Protect as the kernel for my Linux machine is 3.2.0-101-virtual.
(Full details from 'uname -a' are:
Linux vagrant-ubuntu-precise-32 3.2.0-101-virtual #141-Ubuntu SMP Thu Mar 10 22:39:01 UTC 2016 i686 i686 i386 GNU/Linux
)
So, I followed the instructions in the second article, using the build.sh file in the directory src/ap-kernelmodule-12.1.6867-6400/ from the unzipped package I got from the SEPM.
In case it's important, the only issue I had with the process was at the end when running
$ sudo /etc/init.d/rtvscand restart
rtvscand can't be stopped in order to be restarted.
I thought just restarting the actual Linux machine would do the job of restarting rtvscand, but I still see the 'Scan engine is malfunctioning' error.
Can anyone suggest what to try next?
Thanks