SEP processes appear on various Linux systems which may lead to increased system utilization
Article ID: 240470
Updated On:
Products
Issue/Introduction
You would like to prevent SEP for Linux from docking into containers, which may lead in generating high number of processes and performance issue.
Cause
By design, SEP will inject into all process.
For example:
ps -eaf | grep -i sym > av-prozesse.txt
root 153731 1 0 04:00 ? 00:00:27 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 137244
root 183439 1 0 04:01 ? 00:00:28 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 137206
root 199982 1 0 11:17 ? 00:00:00 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 1498212
root 656856 1 0 Mar26 ? 00:02:28 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 633732
root 869919 1 0 Mar27 ? 00:01:47 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 838741
root 995576 1 7 Mar25 ? 05:05:30 /opt/Symantec/sdcssagent/AMD/bin/sisamddaemon
root 996192 1 0 Mar25 ? 00:21:03 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon
sisips 996277 1 0 Mar25 ? 00:05:24 /opt/Symantec/sdcssagent/IPS/bin/sisipsdaemon
dcscaf 997027 1 0 Mar25 ? 00:00:47 /opt/Symantec/cafagent/bin/cafservicemain --daemon
root 1023999 1 0 Mar25 ? 00:01:27 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 950459
Environment
Release : 14.3 RU1 and above
Resolution
In order to prevent SEP injection, please make a chance into the configuration file:
- Locate the LocalAgent.ini "/opt/Symantec/sdcssagent/IDS/system/" from one of your Linux Agents where Docker container running (and several sisidsdaemon processes runing)
- After create a backup of the file , edit and change following line:
#Enable Container Monitor=1 # Monitor Docker Containers
by
Enable Container Monitor=0 # Monitor Docker Containers
- reboot this Linux platform
- check if you see now a single sisidsdaemon process.
Feedback
