When certain modules are loaded into the Microsoft SQL Server process address space (Sqlservr.exe), you may encounter the following symptoms:
Application and Device Control can inject Symantec cmc firewall sysfer into processes as part of its operation.
Exclude SQLservr.exe from the exclusions section in SEPM.
Here are samples of other exclusions:
%[SYSTEM]%\audiodg.exe (Audio Device)
%[SYSTEM]%\mfpmp.exe (Media Foundation Protected Pipeline)
%[SYSTEM]%\werfault.exe (Windows Problem Reporting)
%[SYSTEM]%\werfaultsecure.exe (Windows Fault Reporting)
%[SYSTEM]%\wermgr.exe (Windows Error Reporting Manager/ Windows Problem Reporting)
Once SQL Server is excluded, it should no longer inject itself into the process.
On my setup (SQL 2016) the location was: C:\Program Files\Microsoft SQL Server\MSSQL14.SEPMDB\MSSQL\Binn
A restart of the SQL Server or the SQL Server services is required to clear the injection.