Symantec Endpoint Protection Linux clients show "Rejected" status when Active or Full Scan is sent as a command.
This is a known issue with the Symantec Endpoint Protection 14.3 and 14.3 Maintenance Patch 1 (MP1) Linux client.
To work around this issue, use the Custom Scan option when sending a scan command.
Note: The Custom Scan command uses the configuration defined in the Virus and Spyware Protection Policy for Administrator On-demand Scan settings when performing the scan.
To configure the Administrator On-demand Scan settings, edit the Virus and Spyware Protection Policy assigned to the client group(s) containing the Linux clients that you need to scan. The Administrator On-demand Scan settings are located under the Linux Settings > Scheduled Scans > Administrator-Defined Scans section of the policy editor. To edit the settings, browse to the section mentioned previously, then click on the "Edit..." button next to Administrator On-demand Scan settings.
This issue will be resolved in a future version of Symantec Endpoint Protection 14.3.