Endpoint Protection

 View Only

  • 1.  SEP 14 stops Docker Windows from working

    Posted Jan 24, 2017 04:21 PM

    I am running Windows Server 2016 with Microsoft Docker components installed.

    I had to install SEP 14 (14.0.1904.0000) to be able to pull images.

    Many people have reported problems with all manner of virus scanners & Docker:

      https://github.com/Microsoft/Virtualization-Docume...

    With SEP 14.0.1904.0000 I was able to successfully pull images.

    However, doing a simple docker run -it microsoft/windowsservercore hangs and never finishes.

    Disabling SEP did not help. Only uninstalling it helps.

    Is this a known issue? How to get it fixed?

     

    (Sorry if this is a duplicate, couldn't find my first post)

     



  • 2.  RE: SEP 14 stops Docker Windows from working

    Posted Jan 24, 2017 04:36 PM

    Per Symantec, 14 fully supports server 2016 (whereas with 12.1, docker needed to be disabled as 12.1 wasn't comaptible).

    You'll likely need to get a case opened so they can start root cause analysis.

    Have you tried with just the AV component installed?



  • 3.  RE: SEP 14 stops Docker Windows from working

    Posted Jan 25, 2017 09:08 AM

    The link above is truncated, it should be: https://github.com/Microsoft/Virtualization-Documentation/issues/355

    I haven't tried any variations yet other than installing the SEP client. My organization is still using 12.1 so I had to install a trial version of SEP 14 to test it out.



  • 4.  RE: SEP 14 stops Docker Windows from working

    Posted May 23, 2017 07:05 AM

    Had a similar issue with v14.0.2332.0100, where disabling SEP made no difference.  Errors went away when SEP was removed completely, and also not present when just the basic Virus and Spyware feature of SEP was re-installed.

    Installing the features one by one found that Proative Theat Protection>Application and Device Control seems to be the cause. Case submitted to Symantec to review.



  • 5.  RE: SEP 14 stops Docker Windows from working

    Posted Jul 17, 2017 02:45 PM

    Just experienced this issue on SEP 14.0.2415.0200.  Tech on our Server team completely removed SEP from server and Docker worked.  Now they are requesting authority to run without A/V.  I am opening a ticket with Support to provide a solution since that is completely unacceptable.  Any new information on this thread?



  • 6.  RE: SEP 14 stops Docker Windows from working

    Posted Jul 17, 2017 03:04 PM

    Here I had thought that SEP 14 MP1 fixed the problem. In reality, it may be because I was given SEP 14 MP1 that did not have "Proactive Threat Protection" enabled! We recently had a system with 14 MP2 and had to uninstall.



  • 7.  RE: SEP 14 stops Docker Windows from working

    Broadcom Employee
    Posted Jul 18, 2017 10:33 AM

    I suspect this may be due to sysfer injection for Application Control.
    You may wish to try adding an ADC exception for the Docker executable in order to prevent ADC sysfer injection.

    Here is an overview document that talks about creating AC exclusions to help prevent injection issues.

    https://www.symantec.com/connect/articles/crreating-application-control-exclusions-symantec-endpoint-protection-121

     



  • 8.  RE: SEP 14 stops Docker Windows from working

    Posted Oct 13, 2017 08:38 AM

    What we wish is that SEP actually works with Docker.

    Symantec claims it does: https://support.symantec.com/en_US/article.TECH236867.html

    Yet is clearly does not.



  • 9.  RE: SEP 14 stops Docker Windows from working

    Posted Nov 09, 2017 03:55 PM

    I suspect you may need to update to SEP 14.0 RU1 and implement the exceptions suggested in this article:

    https://support.symantec.com/en_US/article.TECH246815.html