Sprache wählen
Menü öffnen
Suche anzeigen
Sprache wählen
Lösungen
Finanzwesen
Liegenschafts- und Gebäudemanagement
Kommunale Betriebe
Berichtswesen Plus und Business Intelligence
Kommunale Beratung
Ausländerwesen und Einbürgerungsverfahren
eGovernment & Digitalisierung
Cloud
Märkte
Smart City
Verwaltung
Gebäude­management
Kommunale Betriebe
Kirche
Eigenbetriebe
Referenzen
Alle Referenzen
Liegenschafts- und Gebäudemanagement
Berichtswesen Plus und Business Intelligence
Ausländerwesen und Einbürgerungsverfahren
Cloud
Finanzwesen
Kommunale Betriebe
Kommunale Beratung
eGovernment & Digitalisierung
Referenzvideos
Services
eMagazin
Aktuelles
Seminare
Terminkalender
Technischer Support
Newsletter
Unterstützung im Tagesgeschäft
Unternehmen
Profil
Axians Infoma
Axians und VINCI Energies
Unsere Werte
Unsere Historie
Karriere
Jobs bei Axians Infoma
Benefits
Willkommen an Bord
Entwicklungsmöglichkeiten
Mitarbeiterinterviews
Partner
Infoma partnergroup
Technologiepartner
Presse
Presseinformationen
Pressematerialien
Kontakt
Ansprechpersonen
Standortkarte
Running Docker containers in process isolation when Symantec Endpoint Protection is installed

Running Docker containers in process isolation when Symantec Endpoint Protection is installed

Axians Infoma   >  Tech Blog >  Running Docker containers in process isolation when Symantec Endpoint Protection is installed
6. April 2019

Running Docker containers in process isolation when Symantec Endpoint Protection is installed

A couple of month ago, Microsoft and Docker enabled process isolation for Docker containers on Windows 10. That matters a lot because the alternative is hyper-v isolation which means that you actually run a „mini VM“ every time you run a container. Depending on the circumstances, that can be a very desirable feature but when you are running containers on your local machine for development, it probably it isn’t as it forces you to allocate memory in advance and just adds some overhead that you don’t need in that case. Therefore I was very happy when I saw this and even tried it with non-released builds but it failed. The containers froze on startup and I didn’t find a way forward, even with the help of John Howard, one of the persons working on Docker containers from the Microsoft side.

Then I found out that it was related to Symantec Endpoint Protection, a tool which usage is mandatory (for very good reasons, of course) in my company. Uninstalling it allowed the containers to run, but that wasn’t a viable solution. Fortunately one of the Security Administratory in my company, Laurent Dalciet, dug deeper and came up with a solution which now allows me to run containers in process isolation! As I found a couple of other people with similar problems, but no solution, I wanted to share this, so I asked him what he did and he was kind enough to create the following step by step instructions. Thanks a lot!

  1. Go to Application & Device Control Policies part in your SEPM
  2. Choose the policy you want to change (linked to the computers SEPM group)
  3. Go to Application Control and click on the Add button:
    1. Tick the „Sub processes Inherit…“ box
    2. Click on Add
    3. Select Add Condition => Launch Process Attempts
    4. Click on Add
    5. Add the processes listed below and go to the „Actions“ part

    6. Select „Allow Access“ and quit all windows opened by clicking on „Ok“ on each one.
  4. Go to the concerned computers and “Update Policy” on the SEP client to apply the change immediately.

Der Autor

Tobias Fenster Tobias Fenster

Kategorien

Container, Docker

Schlagwörter

RSS Feed

RSS Feed abonnieren

«

»

Axians Infoma GmbH
Hörvelsinger Weg 21
89081 Ulm
Deutschland

info@axians-infoma.de
+49 731 1551-0

Kontakt

Standortkarte Axians Infoma GmbH

Kontakt

Standortkarte Axians Infoma GmbH

Service

Karriere

Nutzen Sie die Chance und schlagen Sie beruflich neue Wege ein!

Weiterlesen

Folgen Sie uns