List of Symantec Endpoint Protection 14 antivirus client commands in Linux and a few errors along with their possible solutions
In this article, we will walk you through a few SEP 14 antivirus agent commands that will help you troubleshoot issues related to it, and then we will give solutions to some frequently seen errors.
Symantec Endpoint Protection 14 Linux client commands
How to restart SEP 14 Linux client processes
Stop the SEP 14 Linux client using the single command below:
[root@kerneltalks tmp]# /etc/init.d/symcfgd stop
Stopping smcd: .. done
Stopping rtvscand: .. done
Stopping symcfgd: . done
Start the SEP 14 Linux client using the commands below, in the given order:
[root@kerneltalks tmp]# /etc/init.d/symcfgd start
Starting symcfgd: done
[root@kerneltalks tmp]# /etc/init.d/rtvscand start
Starting rtvscand: done
[root@kerneltalks tmp]# /etc/init.d/smcd start
Starting smcd: done
How to uninstall SEP 14 client from Linux machine
[root@kerneltalks tmp]# /opt/Symantec/symantec_antivirus/uninstall.sh
Are you sure to remove SEP for Linux from your machine?
WARNING: After SEP for Linux is removed, your machine will not be protected.
Do you want to remove SEP for Linux? Y[es]|N[o]: N
Y
Starting to uninstall Symantec Endpoint Protection for Linux
Begin removing GUI component
GUI component removed successfully
Begin removing Auto-Protect component
symcfgd is running
rtvscand is not running
smcd is not running
Auto-Protect component removed successfully
Begin removing virus protection component
smcd is running
rtvscand is running
symcfgd is running
Virus protection component removed successfully
Uninstallation completed
The log file for uninstallation of Symantec Endpoint Protection for Linux is under: /root/sepfl-uninstall.log
All the below commands are of binary
sav which is located in
Display auto-protect module state
[root@kerneltalks symantec_antivirus]# ./sav info -a
Enabled
Display virus definition status
[root@kerneltalks symantec_antivirus]# ./sav info -d
11/24/2019 rev. 2
Check if the client is self-managed or being managed from the SEPM server. The output is the hostname or IP of the server that is managing the client.
[root@kerneltalks symantec_antivirus]# ./sav manage -s
syman01
Display the management server group to which the current client belongs.
[root@kerneltalks symantec_antivirus]# ./sav manage -g
My Company\Default Group
Run immediate virus definition update
[root@kerneltalks symantec_antivirus]# ./sav liveupdate -u
Update was successful
Trigger the heartbeat immediately and download the profile from the SEPM server
[root@kerneltalks symantec_antivirus]# ./sav manage -h
Requesting updated policy from the Symantec Endpoint Protection Manager ...
Import sylink file in the client
[root@kerneltalks symantec_antivirus]# ./sav manage -i /tmp/sylink.xml
Imported successfully.
Now, let’s look at a few errors and their possible solutions –
SAV manage server is offline
[root@kerneltalks symantec_antivirus]# ./sav manage -s
Offline
This means your client is not able to communicate with the SEPM server. Make sure no firewall (internal to the OS, like iptables, or external) is blocking the traffic. Also make sure you have proper proxy configurations in place. If it's an internal server make sure you excluded it from proxy as
Refer to the SEP communication ports here, which will help you drill down into communication issues.
The best way to troubleshoot LiveUpdate issues is to go through the log file /opt/Symantec/LiveUpdate/Logs/lux.log. It has a descriptive message about the error, which helps to quickly drill down to the problem.
[root@kerneltalks symantec_antivirus]# ./sav liveupdate -u
sep::lux::Cseplux: Failed to run session, error code: 0x80010830
Live update session failed. Please enable debug logging for more information
Unable to perform update
Or the error is logged in the lux.log file as below:
Result Message: FAIL - failed to select server
Status Message: Server was not selected
The client is unable to reach the LiveUpdate server or the LiveUpdate Administrator, i.e. LUA. Follow the same troubleshooting steps as above.
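The status commands above (sav info -a, sav info -d, sav manage -s) and the Offline state can be combined into one health check for cron or a monitoring agent. The script below is an added example, not part of the original article or of Symantec's tooling; the function names, the SAV_BIN and MAX_DEF_AGE variables, the 7-day threshold and the MM/DD/YYYY reading of the definition date are assumptions based on the sample outputs shown on this page.

```shell
#!/bin/sh
# Added example, not from the original article: grades the output of the `sav`
# commands shown above. Function names and the age threshold are assumptions.
SAV_BIN=${SAV_BIN:-./sav}       # the article runs ./sav from its own directory
MAX_DEF_AGE=${MAX_DEF_AGE:-7}   # assumed policy: definitions older than 7 days fail

# Days since 1970-01-01 for <year> <month> <day>, pure arithmetic (no GNU date needed).
days_from_civil() {
    y=$1; m=${2#0}; d=${3#0}    # strip a leading zero so 08 and 09 are not read as octal
    if [ "$m" -le 2 ]; then y=$((y - 1)); mp=$((m + 9)); else mp=$((m - 3)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# defs_age_days "<sav info -d output>" "<today as YYYY-MM-DD>" -> age in days
defs_age_days() {
    case $1 in
        [0-9]*/[0-9]*/[0-9][0-9][0-9][0-9]*) ;;
        *) return 1 ;;          # not the MM/DD/YYYY form shown in the article
    esac
    stamp=${1%% *}              # "11/24/2019 rev. 2" -> "11/24/2019"
    mm=${stamp%%/*}; rest=${stamp#*/}; dd=${rest%%/*}; yy=${rest#*/}
    ty=${2%%-*}; trest=${2#*-}; tm=${trest%%-*}; td=${trest#*-}
    echo $(( $(days_from_civil "$ty" "$tm" "$td") - $(days_from_civil "$yy" "$mm" "$dd") ))
}

# sep_health <info -a> <info -d> <manage -s> <today>; prints findings, returns 1 on any FAIL
sep_health() {
    rc=0
    if [ "$1" = "Enabled" ]; then echo "OK   auto-protect enabled"
    else echo "FAIL auto-protect state: ${1:-no output}"; rc=1; fi
    if age=$(defs_age_days "$2" "$4") && [ "$age" -le "$MAX_DEF_AGE" ]; then
        echo "OK   definitions $2 (${age}d old)"
    else echo "FAIL definitions stale or unreadable: ${2:-no output}"; rc=1; fi
    case $3 in
        ""|Offline) echo "FAIL management server: ${3:-no output}"; rc=1 ;;
        *) echo "OK   management server reported as: $3" ;;
    esac
    return $rc
}

# Live run only where the sav binary exists; otherwise the functions are just defined.
if [ -x "$SAV_BIN" ]; then
    sep_health "$("$SAV_BIN" info -a)" "$("$SAV_BIN" info -d)" \
               "$("$SAV_BIN" manage -s)" "$(date +%Y-%m-%d)"
fi
```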