Please shed some light on how the "avdefs" group gets created when the Symantec endpoint Client [SEP] for Linux or the Datacenter Security [DCS] agent is installed on a Linux system. The GID for this group is not consistent; is there any way to make it consistent across the Linux systems in the environment?
SEP 14.3 RU1 and higher, Symantec Endpoint Security/SEP/DCS agent installed on a Linux operating system
The "avdefs" group creation is part of the sdcss rpm/deb. Script location: /opt/Symantec/sdcssagent/lib/instfunlib
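Function:
addavdefsUser()
{
    # If amdInstalled succeeds and no avdefs group exists: groupadd (no GID requested), then add root to it.
    amdInstalled && [ "`getent group avdefs`" = "" ] && \
    { /usr/sbin/groupadd avdefs && usermod -aG avdefs root >>$LOGFILE 2>&1; }
}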
The group ID is the next available one on the system at the time the installer runs the 'groupadd avdefs' command. Assigning it is a system function. There is no default GID for avdefs, so it cannot be consistent across all systems with the endpoint agent.
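Since each host receives whatever GID was free at install time, an inventory check shows which value every system ended up with and whether root was added to the group as the function above does. This is an added example, not part of the Symantec installer; the input format (host name followed by that host's `getent group avdefs` output), the host names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the avdefs GID collected from several hosts.
# Assumed input, one line per host: "<host> <output of: getent group avdefs>"

# Constructed sample data, not taken from real systems.
sample_inventory() {
cat <<'EOF'
web01 avdefs:x:1001:root
web02 avdefs:x:1001:root
db01 avdefs:x:1004:root
app01 avdefs:x:1002:
app02
EOF
}

# One line per host: host, GID (or "-"), status.
avdefs_report() {
    awk '
    {
        host = $1
        if (NF < 2) { print host, "-", "group-missing"; next }
        n = split($2, f, ":")
        if (n < 3 || f[1] != "avdefs" || f[3] !~ /^[0-9]+$/) {
            print host, "-", "unparseable"; next
        }
        # The installer function adds root to avdefs; flag hosts where it is absent.
        members = "," f[4] ","
        status = (index(members, ",root,") > 0) ? "ok" : "root-not-member"
        print host, f[3], status
    }'
}

# Distinct GIDs in use, each with the number of hosts using it.
avdefs_gid_summary() {
    avdefs_report | awk '$2 != "-" { c[$2]++ } END { for (g in c) print g, c[g] }' | sort -n
}

# Succeeds only when every host that has the group uses the same GID.
avdefs_gid_consistent() {
    avdefs_report | awk '$2 != "-" { seen[$2] = 1 }
        END { n = 0; for (g in seen) n++; exit (n > 1) }'
}

sample_inventory | avdefs_report
```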
Symantec users/groups are unprivileged except for the "dcscaf" user. Sisamddaemon and sisipsdaemon run as root to do their jobs.