You want to prevent Symantec Endpoint Protection (SEP) for Linux from attaching to containers, which can generate a high number of processes and cause performance issues.
By design, SEP injects into all processes.
For example:
ps -eaf | grep -i sym > av-prozesse.txt
root 153731 1 0 04:00 ? 00:00:27 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 137244
root 183439 1 0 04:01 ? 00:00:28 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 137206
root 199982 1 0 11:17 ? 00:00:00 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 1498212
root 656856 1 0 Mar26 ? 00:02:28 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 633732
root 869919 1 0 Mar27 ? 00:01:47 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 838741
root 995576 1 7 Mar25 ? 05:05:30 /opt/Symantec/sdcssagent/AMD/bin/sisamddaemon
root 996192 1 0 Mar25 ? 00:21:03 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon
sisips 996277 1 0 Mar25 ? 00:05:24 /opt/Symantec/sdcssagent/IPS/bin/sisipsdaemon
dcscaf 997027 1 0 Mar25 ? 00:00:47 /opt/Symantec/cafagent/bin/cafservicemain --daemon
root 1023999 1 0 Mar25 ? 00:01:27 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 950459
Release: 14.3 RU1 and above
To prevent SEP injection, make the following change to the configuration file:
- Locate LocalAgent.ini in "/opt/Symantec/sdcssagent/IDS/system/" on one of your Linux agents where Docker containers are running (and several sisidsdaemon processes are running).
- After creating a backup of the file, edit it and change the following line:
#Enable Container Monitor=1 # Monitor Docker Containers
to
Enable Container Monitor=0 # Monitor Docker Containers
- Reboot the Linux platform.
- Check that you now see a single sisidsdaemon process.
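The backup, edit and verification steps above can be scripted as follows. This is an added example, not vendor-supplied code; the function names are hypothetical, and the file path and setting name are the ones shown in this article.

```shell
#!/bin/sh
# Added example, not vendor code. Path and setting name come from the article.
INI_DEFAULT="/opt/Symantec/sdcssagent/IDS/system/LocalAgent.ini"

# Back up the ini file, then set "Enable Container Monitor" to 0,
# whether the line is currently commented out (#...=1) or active.
disable_container_monitor() {
    ini="${1:-$INI_DEFAULT}"
    [ -f "$ini" ] || { echo "not found: $ini" >&2; return 1; }
    if ! grep -Eq '^[[:space:]]*#?[[:space:]]*Enable Container Monitor=' "$ini"; then
        echo "setting not present in $ini; file left untouched" >&2
        return 2
    fi
    # Already disabled: do nothing, so a rerun cannot clobber the backup.
    if grep -Eq '^Enable Container Monitor=0' "$ini"; then
        return 0
    fi
    backup="$ini.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$ini" "$backup" || return 1
    tmp="$(mktemp)" || return 1
    # Drop the leading '#', force the value to 0, keep the trailing comment.
    sed -E 's/^[[:space:]]*#?[[:space:]]*(Enable Container Monitor)=[0-9]*/\1=0/' \
        "$ini" > "$tmp" && cat "$tmp" > "$ini"   # overwrite in place: keeps owner/mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Count sisidsdaemon processes in `ps -eaf` output read from stdin.
# The [/] bracket keeps this grep's own command line from matching.
count_sisidsdaemon() {
    grep -c 'bin[/]sisidsdaemon' || true
}
```

Run disable_container_monitor as root with no argument to use the article's path; after the reboot, ps -eaf | count_sisidsdaemon should print 1.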