You would like to prevent Symantec Endpoint Protection (SEP) for Linux from docking into containers, which may lead in generating high number of processes and performance issue.

Release : 14.3 RU1 and above

By design, SEP will inject into all process.

For example:

ps -eaf | grep -i sym > av-prozesse.txt

root      153731       1  0 04:00 ?        00:00:27 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 137244
root      183439       1  0 04:01 ?        00:00:28 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 137206
root      199982       1  0 11:17 ?        00:00:00 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 1498212
root      656856       1  0 Mar26 ?        00:02:28 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 633732
root      869919       1  0 Mar27 ?        00:01:47 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 838741
root      995576       1  7 Mar25 ?        05:05:30 /opt/Symantec/sdcssagent/AMD/bin/sisamddaemon
root      996192       1  0 Mar25 ?        00:21:03 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon
sisips    996277       1  0 Mar25 ?        00:05:24 /opt/Symantec/sdcssagent/IPS/bin/sisipsdaemon
dcscaf    997027       1  0 Mar25 ?        00:00:47 /opt/Symantec/cafagent/bin/cafservicemain --daemon
root     1023999       1  0 Mar25 ?        00:01:27 /opt/Symantec/sdcssagent/IDS/bin/sisidsdaemon -n 950459

In order to prevent SEP injection, please make a change into the configuration file:

1.  Locate the LocalAgent.ini "/opt/Symantec/sdcssagent/IDS/system/"  from one of your Linux Agents where Docker container running (and several sisidsdaemon processes runing) 
2.  After create a backup of the file , edit and change following line:

Enable Container Monitor=1                             # Monitor Docker Containers

replace by 

Enable Container Monitor=0                             # Monitor Docker Containers

    3. Reboot this Linux platform

    4. Check if you now see a single sisidsdaemon process.