High CPU usage with svchost.exe when Windows Updates are loading

Article:TECH103437  |  Created: 2007-01-27  |  Updated: 2009-01-10  |  Article URL http://www.symantec.com/docs/TECH103437
Article Type
Technical Solution



Why is Windows Update using such a high amount of system resources?


Windows Update loads many files into the Folder: "C:\WINDOWS\SoftwareDistribution\Datastore". Many of these files are zipped and quite a few of them have nested Zip files within them. This causes Rtvscan.exe to use high resource allocations, which in turn causes svchost.exe to use high amounts of CPU and memory.


Exclude the folder: C:\Windows\SoftwareDistribution\Datastore" from Auto-Protect scanning and svchost.exe will return to normal operation.

Setting up exclusions can open up potential attack vectors for malicious code. Symantec recommends Full System Scans are run on a regular basis to lower any risks associated with exclusions.

NOTE: Auto protect does not scan compressed files if CPU is high it is because scanning of the extracted files before windows updates applies the fixes.

Technical Information
Suggestion for this document from Chris Chandler -SPR/Enterprise:

If there is high CPU utilization during a Windows Update this is occurring because of the scanning of files being unpacked (as the zip files are ignored)

Legacy ID


Article URL http://www.symantec.com/docs/TECH103437

Terms of use for this information are found in Legal Notices