eicar.com file copied from Docker container to host volume is not immediately detected and removed

Article ID: 176467

Products

Endpoint Protection

Issue/Introduction

You have a Linux server running Docker Enterprise or Community Edition and Symantec Endpoint Protection (SEP) for Linux 14.2 RU2 or lower. When you create an eicar.com file in a Docker container and copy it to a Docker host volume, the file is not immediately detected and removed. Detection and removal do not occur until you perform an operation against the file that was copied to the Docker host volume.

Environment

  • SEP for Linux 14.2 or lower
  • Docker Enterprise or Community Edition

Resolution

This issue has been fixed in 14.2 RU2 MP1 by additionally monitoring for the API call triggered by the docker executable.
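
To check which behaviour a host shows before or after the upgrade, the following added example (not Symantec tooling) reports whether a file that has just landed in a host directory is removed without being touched, only after it is opened, or not at all. The function names, the placeholder paths and the timeout are assumptions, and the script assumes a detection makes the file disappear from its directory.

```shell
# Added example: classify how an on-access scanner reacts to a file that has
# just landed in a host directory (for instance an EICAR test file copied out
# of a container). All function names are hypothetical.

# True while the directory listing still contains the file. Reading the parent
# directory avoids opening the file, which could itself trigger a scan.
still_listed() {
    ls -A "$(dirname "$1")" 2>/dev/null | grep -Fxq "$(basename "$1")"
}

# Poll once per second for up to $2 seconds; succeed once the file is gone.
wait_for_removal() {
    i=0
    while [ "$i" -lt "$2" ]; do
        still_listed "$1" || return 0
        sleep 1
        i=$((i + 1))
    done
    ! still_listed "$1"
}

# The "operation against the file": open and read it.
access_file() {
    cat "$1" >/dev/null 2>&1 || true
}

# Prints one of: immediate | on-access-only | not-detected
classify_detection() {
    path=$1
    timeout=${2:-10}
    if wait_for_removal "$path" "$timeout"; then
        echo immediate
        return 0
    fi
    access_file "$path"
    if wait_for_removal "$path" "$timeout"; then
        echo on-access-only
    else
        echo not-detected
    fi
}

# Usage (container name and paths are placeholders):
#   docker cp <container>:/tmp/eicar.com /srv/hostvol/eicar.com
#   classify_detection /srv/hostvol/eicar.com 10
```

A result of `on-access-only` matches the issue described above; `immediate` is the behaviour expected after the fix.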