What is the dcscaf account running on Linux instances installed with CWP/SEP/SES/DCS agent?
What other users / groups does Symantec create and use?
SEP 14.3 RU1 and higher, CWP/SEP/SES/DCS agent installed on Linux Operating system
"dcscaf" user is a service account created by Common Agent Framework component (cafservice or cafagent in short) of Linux agent.
It is created during installation of the agent. Following points are to be noted about this account:
Other user accounts created: sisips, dcscaf
Groups: sisips, dcscaf, avdefs
These Symantec users/groups are unprivileged except for the dcscaf user as noted above. Symantec "uses" the root account in that the sisamddaemon and sisipsdaemon run as root to do their jobs.