Endpoint Protection for Linux may crash during scans of system directories
search cancel

Endpoint Protection for Linux may crash during scans of system directories

book

Article ID: 173712

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

SEP for Linux may crash during scans of of certain system directories

For example, scans of the /sys/kernel/debug directory result in a system oops or kernel panic when Symantec Endpoint Protection for Linux (SEPFL) is installed on SuSE 12 SP3 using kernel 4.4.143. This is seen primarily on the Amazon Web Services (AWS) platform:

[ 776.462972] general protection fault: 0000 [#1] SMP
[ 776.464058] Modules linked in: symap_custom_4_4_155_94_50_default_x86_64(POEN) symev_custom_4_4_155_94_50_default_x86_64(OEN)
...
[ 776.464058] CPU: 0 PID: 6997 Comm: rtvscand Tainted: P OE N 4.4.155-94.50-default #1
[ 776.464058] Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006

Environment

SEP for Linux, any version of Linux

Resolution

For this and other reasons, Symantec recommends that you exclude the following Linux system directories from all SEP scans:
/sys
/proc
/dev

For more information, refer to the following articles: