A list of Symantec Endpoint Protection 14 antivirus client commands for Linux, and a few errors along with their possible solutions
In this article, we will walk you through a few SEP 14 antivirus agent commands that will help you troubleshoot issues with the agent, and then give solutions to some frequently seen errors.
Symantec Endpoint Protection 14 Linux client commands
How to restart SEP 14 Linux client processes
Stop the SEP 14 Linux client using the single command below:
[root@kerneltalks tmp]# /etc/init.d/symcfgd stop
Stopping smcd: .. done
Stopping rtvscand: .. done
Stopping symcfgd: . done
Start the SEP 14 Linux client using the commands below, in the given order:
[root@kerneltalks tmp]# /etc/init.d/symcfgd start
Starting symcfgd: done
[root@kerneltalks tmp]# /etc/init.d/rtvscand start
Starting rtvscand: done
[root@kerneltalks tmp]# /etc/init.d/smcd start
Starting smcd: done
How to uninstall the SEP 14 client from a Linux machine
[root@kerneltalks tmp]# /opt/Symantec/symantec_antivirus/uninstall.sh
Are you sure to remove SEP for Linux from your machine?
WARNING: After SEP for Linux is removed, your machine will not be protected.
Do you want to remove SEP for Linux? Y[es]|N[o]: N
Y
Starting to uninstall Symantec Endpoint Protection for Linux
Begin removing GUI component
GUI component removed successfully
Begin removing Auto-Protect component
symcfgd is running
rtvscand is not running
smcd is not running
Auto-Protect component removed successfully
Begin removing virus protection component
smcd is running
rtvscand is running
symcfgd is running
Virus protection component removed successfully
Uninstallation completed
The log file for uninstallation of Symantec Endpoint Protection for Linux is under: /root/sepfl-uninstall.log
All the commands below use the sav binary, which is located in /opt/Symantec/symantec_antivirus.
Display auto-protect module state
[root@kerneltalks symantec_antivirus]# ./sav info -a
Enabled
Display virus definition status
[root@kerneltalks symantec_antivirus]# ./sav info -d
11/24/2019 rev. 2
Check whether the client is self-managed or managed from the SEPM server. The output is the hostname or IP address of the server that manages the client.
[root@kerneltalks symantec_antivirus]# ./sav manage -s
syman01
Display the management server group to which the current client belongs.
[root@kerneltalks symantec_antivirus]# ./sav manage -g
My Company\Default Group
Run an immediate virus definition update
[root@kerneltalks symantec_antivirus]# ./sav liveupdate -u
Update was successful
Trigger the heartbeat immediately and download the profile from the SEPM server
[root@kerneltalks symantec_antivirus]# ./sav manage -h
Requesting updated policy from the Symantec Endpoint Protection Manager ...
Import a sylink file into the client
[root@kerneltalks symantec_antivirus]# ./sav manage -i /tmp/sylink.xml
Imported successfully.
Now, let's look at a few errors and their possible solutions:
SAV manage server is offline
[root@kerneltalks symantec_antivirus]# ./sav manage -s
Offline
This means your client is not able to communicate with the SEPM server. Make sure no firewall (internal to the OS, like iptables, or external) is blocking the traffic. Also make sure you have the proper proxy configuration in place. If the SEPM is an internal server, make sure you have excluded it from the proxy by listing it in the no_proxy hosts.
Refer to the SEP communication ports, which will help you narrow down communication issues.
LiveUpdate fails
The best way to troubleshoot LiveUpdate issues is to go through the log file /opt/Symantec/LiveUpdate/Logs/lux.log. It has a descriptive message about the error, which helps to quickly narrow down the problem.
[root@kerneltalks symantec_antivirus]# ./sav liveupdate -u
sep::lux::Cseplux: Failed to run session, error code: 0x80010830
Live update session failed. Please enable debug logging for more information
Unable to perform update
Or the error is logged in the lux.log file as below:
Result Message: FAIL - failed to select server
Status Message: Server was not selected
The client is unable to reach the LiveUpdate server or the LiveUpdate Administrator (LUA). The same troubleshooting steps as above apply.
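The status commands above (sav info -a, sav info -d and sav manage -s) can be combined into one scripted check that flags a disabled Auto-Protect module, stale definitions or an Offline client. This is an added example, not part of the original article or of Symantec's tooling; the function names, the 7-day definition-age threshold and the assumption that sav info -d always prints "MM/DD/YYYY rev. N" as in the sample output are this example's own.

```sh
#!/bin/sh
# Added example: health check built on the sav commands shown in this article.
SAV=${SAV:-/opt/Symantec/symantec_antivirus/sav}  # path from the article
MAX_DEF_AGE=${MAX_DEF_AGE:-7}                     # assumed threshold (days)

# Days since 1970-01-01 for a civil date; pure arithmetic, no GNU date needed.
days_from_civil() {  # args: year month day
    y=$1; m=${2#0}; d=${3#0}        # strip a leading zero (avoids octal parsing)
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    era=$((y / 400)); yoe=$((y - era * 400)); mp=$(( (m + 9) % 12 ))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
}

# Age in days of the definitions line printed by `sav info -d`.
# Assumes the "MM/DD/YYYY rev. N" layout of the article's sample output.
defs_age_days() {  # args: <sav info -d output> <today as YYYY-MM-DD>
    stamp=${1%% *}
    case $stamp in
        [0-9][0-9]/[0-9][0-9]/[0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    rest=${stamp#*/}; t_rest=${2#*-}
    defs=$(days_from_civil "${rest#*/}" "${stamp%%/*}" "${rest%%/*}")
    today=$(days_from_civil "${2%%-*}" "${t_rest%%-*}" "${t_rest#*-}")
    echo $((today - defs))
}

# Print one finding per line; return 1 if there is any finding.
evaluate() {  # args: <info -a> <info -d> <manage -s> <today>
    rc=0
    [ "$1" = "Enabled" ] || { echo "auto-protect: ${1:-no output}"; rc=1; }
    if age=$(defs_age_days "$2" "$4"); then
        [ "$age" -le "$MAX_DEF_AGE" ] || { echo "definitions: $age days old"; rc=1; }
    else
        echo "definitions: cannot parse '$2'"; rc=1
    fi
    case $3 in
        Offline|"") echo "management: ${3:-no output}"; rc=1 ;;
    esac
    return $rc
}

# Run against the real client only where the binary exists.
if [ -x "$SAV" ]; then
    evaluate "$("$SAV" info -a)" "$("$SAV" info -d)" "$("$SAV" manage -s)" \
        "$(date +%Y-%m-%d)" || exit 1
    echo "SEP 14 client: no findings"
fi
```

The script exits 1 when there is any finding, so it can be run from cron or a monitoring agent. Set SAV or MAX_DEF_AGE in the environment to override the defaults.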