High CPU usage with svchost.exe when Windows Updates are loading
|Article:TECH103437|||||Created: 2007-01-27|||||Updated: 2009-01-10|||||Article URL http://www.symantec.com/docs/TECH103437|
Why is Windows Update using such a high amount of system resources?
Windows Update loads many files into the Folder: "C:\WINDOWS\SoftwareDistribution\Datastore". Many of these files are zipped and quite a few of them have nested Zip files within them. This causes Rtvscan.exe to use high resource allocations, which in turn causes svchost.exe to use high amounts of CPU and memory.
Exclude the folder: C:\Windows\SoftwareDistribution\Datastore" from Auto-Protect scanning and svchost.exe will return to normal operation.
Setting up exclusions can open up potential attack vectors for malicious code. Symantec recommends Full System Scans are run on a regular basis to lower any risks associated with exclusions.
NOTE: Auto protect does not scan compressed files if CPU is high it is because scanning of the extracted files before windows updates applies the fixes.
Suggestion for this document from Chris Chandler -SPR/Enterprise:
If there is high CPU utilization during a Windows Update this is occurring because of the scanning of files being unpacked (as the zip files are ignored)
Article URL http://www.symantec.com/docs/TECH103437