List of Symantec Endpoint Protection 14 antivirus client commands in Linux and a few errors along with their possible solutions

In this article, we will walk you through a few SEP 14 antivirus agent commands that help you troubleshoot client issues, and then give solutions to some frequently seen errors.
Symantec Endpoint Protection 14 Linux client commands
How to restart SEP 14 Linux client processes
Stop the SEP 14 Linux client using the single command below –
    [root@kerneltalks tmp]# /etc/init.d/symcfgd stop
    Stopping smcd: .. done
    Stopping rtvscand: .. done
    Stopping symcfgd: . done
Start the SEP 14 Linux client using the commands below, in the given order –
    [root@kerneltalks tmp]# /etc/init.d/symcfgd start
    Starting symcfgd: done
    [root@kerneltalks tmp]# /etc/init.d/rtvscand start
    Starting rtvscand: done
    [root@kerneltalks tmp]# /etc/init.d/smcd start
    Starting smcd: done
How to uninstall SEP 14 client from Linux machine
    [root@kerneltalks tmp]# cd /opt/Symantec/symantec_antivirus
    [root@kerneltalks symantec_antivirus]# ./uninstall.sh
All the commands below use the sav binary, which is located in /opt/Symantec/symantec_antivirus.
Display auto-protect module state
    [root@kerneltalks symantec_antivirus]# ./sav info -a
    Enabled
Display virus definition status
    [root@kerneltalks symantec_antivirus]# ./sav info -d
    11/24/2019 rev. 2
Check whether the client is self-managed or managed from the SEPM server. The output is the hostname or IP of the server that manages the client.
    [root@kerneltalks symantec_antivirus]# ./sav manage -s
    syman01
Display the management server group to which the current client belongs.
    [root@kerneltalks symantec_antivirus]# ./sav manage -g
    My Company\Default Group
Run immediate virus definition update
    [root@kerneltalks symantec_antivirus]# ./sav liveupdate -u
    Update was successful
Trigger the heartbeat immediately and download the profile from the SEPM server
    [root@kerneltalks symantec_antivirus]# ./sav manage -h
    Requesting updated policy from the Symantec Endpoint Protection Manager ...
Import sylink file in the client
    [root@kerneltalks symantec_antivirus]# ./sav manage -i /tmp/sylink.xml
    Imported successfully.
Now, let’s look at a few errors and their possible solutions –
SAV manage server is offline
    [root@kerneltalks symantec_antivirus]# ./sav manage -s
    Offline
This means your client is not able to communicate with the SEPM server. Make sure no firewall (internal to the OS, like iptables, or external) is blocking the traffic. Also make sure you have the proper proxy configuration in place. If it is an internal server, make sure you have excluded it from the proxy as a no_proxy host.
Refer to the list of SEP communication ports, which will help you narrow down communication issues.
LiveUpdate fails
The best way to troubleshoot LiveUpdate issues is to go through the log file /opt/Symantec/LiveUpdate/Logs/lux.log. It has a descriptive message about the error, which helps to quickly narrow down the problem.
    [root@kerneltalks symantec_antivirus]# ./sav liveupdate -u
    sep::lux::Cseplux: Failed to run session, error code: 0x80010830
    Live update session failed. Please enable debug logging for more information
    Unable to perform update
Or the error is logged in the lux.log file as below –
    Result Message: FAIL - failed to select server
    Status Message: Server was not selected
The client is unable to reach the LiveUpdate server or the LiveUpdate Administrator (LUA). Follow the same troubleshooting steps as above.
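
The status commands and the two error conditions above can be combined into one health check suitable for cron or a monitoring agent. This is an added example, not part of the original article: the function names, the 7-day definition-age threshold and the MM/DD/YYYY date format (inferred from the sample output) are assumptions, and it needs GNU date.

```shell
#!/bin/sh
# Added example, not from the original article: SEP 14 Linux client health check.
SAV=${SAV:-/opt/Symantec/symantec_antivirus/sav}
LUX_LOG=${LUX_LOG:-/opt/Symantec/LiveUpdate/Logs/lux.log}
MAX_DEF_AGE_DAYS=${MAX_DEF_AGE_DAYS:-7}   # assumed threshold, tune to policy

# defs_age_days "11/24/2019 rev. 2" [NOW_EPOCH] -> prints age in whole days.
# Assumes MM/DD/YYYY as in the article's sample output; needs GNU date.
defs_age_days() {
    datepart=${1%% *}; now=${2:-$(date -u +%s)}
    m=${datepart%%/*}; rest=${datepart#*/}
    d=${rest%%/*}; y=${rest#*/}
    case "$y$m$d" in ''|*[!0-9]*) return 2 ;; esac
    epoch=$(date -u -d "$y-$m-$d" +%s 2>/dev/null) || return 2
    echo $(( (now - epoch) / 86400 ))
}

# check_health AP_STATE DEFS SERVER [NOW_EPOCH]
# Prints one FAIL line per problem; returns 0 only when every check passes.
check_health() {
    rc=0
    [ "$1" = "Enabled" ] || { echo "FAIL auto-protect: ${1:-no output}"; rc=1; }
    if age=$(defs_age_days "$2" "$4"); then
        [ "$age" -le "$MAX_DEF_AGE_DAYS" ] ||
            { echo "FAIL definitions $age days old ($2)"; rc=1; }
    else
        echo "FAIL unparseable definition date: ${2:-no output}"; rc=1
    fi
    case "$3" in
        ''|Offline) echo "FAIL management server: ${3:-no output}"; rc=1 ;;
    esac
    return $rc
}

# lux_failures FILE -> prints failed LiveUpdate results recorded in lux.log.
lux_failures() { grep 'Result Message: FAIL' "$1" 2>/dev/null; }

# Query the local client only when the sav binary is present (the article runs
# these commands as root). Exit status is non-zero when any check fails.
if [ -x "$SAV" ]; then
    lux_failures "$LUX_LOG" | tail -n 3
    check_health "$("$SAV" info -a)" "$("$SAV" info -d)" "$("$SAV" manage -s)" \
        && echo "OK SEP client healthy"
fi
```

Lines from lux.log may describe older LiveUpdate sessions, so read them together with the current definition date rather than as a live status.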