Video Screencast Help

Performance as a feature

Created: 17 Oct 2011 • Updated: 17 Oct 2011 | 5 comments
Paul Murgatroyd's picture
+1 1 Vote
Login to vote

Well, four months after shipping SEP12.1 and over one million endpoints now deployed and running successfully, I'd like to take some time out to talk about how we achieved the performance we have with SEP12 and whats keeping our customers happy!

A few years ago our friends in the consumer team threw down the gauntlet, challenging the idea that performance must be traded away in favour of security.  To accomplish their mission, they had to change themselves and in the process, changed the entire conversation, shifting the focus to include not only effectiveness and accuracy but minimum performance impact felt by the customer.

But Symantec is an industry leader, so rehashing the previous cutting-edge methods won’t do.  In 2011, we’ve joined them in their crusade for the best possible performance without the sacrifice of security.

In order to do this, we had to change the game, as not everyone has the same computer system with the same expected applications. Since our products run on all of these systems, we needed to make sure our performance improvements applied to all of our customers, regardless of the system used. It was a logistical challenge, but because of our experience, it’s one we could meet and deliver on.

Unveiling the Symantec Endpoint Protection 12.1 Performance Improvements

Faster Real-Time Operations

Regardless of customer size, there are some things everybody uses their computer for: creating and copying files, storing documents or pictures, installing new applications as needed, browsing the Internet, reading and responding to email, and many more. These functions are also windows through which potentially malicious code can enter, and so they are what security programs monitor. When there is a lot of activity, performance can be slowed while each activity is scanned for threats.  SEP 12.1 is designed specifically with that in mind and provides the least impact on real-time operations such as file copy and access times, improving your work efficiency.  We did this by:

  • Streamlining our scanning and minimizing callbacks among components
  • Optimizing the file-access patterns
  • Enhancing the file-caching algorithms
  • Reducing the memory footprint
  • Applying dynamic configurations based on the specifications of systems
  • Non-critical operations are deferred to idle time

Faster Startup

Before any computer can be used, it needs to be started. While this was an area of focus for later versions of SEP11--and we’ve made some dramatic improvements--we felt we could do even better.

And we’ve done better.  By inventing many breakthrough internal tools that helped us uncover the next hidden performance bottlenecks during system startup, we were able to add the following advancements in SEP 12.1 start time protection and speed:

  • Sequenced Symantec startup items with optimized protection and speed
  • Coalesced scanning jobs to minimize CPU usage during system startup
  • Reduced file I/O with improved memory mapping and caching algorithms
  • Minimized risk of resource contention with other applications

Using the new approaches for this release, we worked to restructure ourselves and were able to streamline the system startup. The result is a faster start due to a great reduction in CPU and I/O traffic.

Better Resource Usage during System Idle

SEP 12.1 improves the scheduling logic of idle-state tasks such as a quick scan and other security scans so that jobs are performed in an optimal pattern that results in reduced power consumption. In addition, the improvement helps ensure that the computer’s Sleep and Hibernate states respond and operate with no impact.

Faster Shutdown

Shutdown is as challenging as startup from an engineering perspective.  All plug-ins of processes must turn off gracefully while still allowing them to perform the last-second operations required before being closed by the OS. Breaking an orderly sequence of interdependent plug-ins can result in system instability and affect other areas of system performance.  SEP 12.1 minimizes the risks from unexpected shutdowns such as power outages or forced user shutdowns.  All disk-flushing tasks are stopped, resulting in a faster shutdown process.

Expanded Memory Metrics

SEP 12.1 products had already introduced one of the industry’s lowest memory footprints, but memory is a complex issue. In developing SEP 12.1, we expanded our memory metrics to include Private Bytes, Virtual Bytes, Page Faults, Process Threads and Handles. We started by checking the resource size of all the functional components within the product and then combined similar process threads. Currently we are working to further identify all the issues and opportunities within each of the memory types. Our in-house test results show that we are moving in the right direction and we can see that evidence in third party testing too.


Our commitment to improving the performance of our products never stops. We pursue the best practices and innovate to provide the fastest security products for the benefit of our valued customers. The performance improvements of SEP 12.1 touch on everyday tasks performed on your computer and greatly improve efficiencies in any environment.  The improvements are the result of us working together toward one goal--building the fastest security products--and the great feedback from our valued customers.

Finally, please allow us to express our sincere appreciation for being our loyal customers and motivating our continuous performance improvements.

This article has been adapted for the SEP 12.1 product from the Norton 2011 article here, written by Dong Chung, one of the original engineers behind these amazing performance improvements.

Comments 5 CommentsJump to latest comment

thatdude's picture

Good info!

Login to vote
Mahesh S's picture

Usefull info, good analysis!

If the above comment help to resolve your issue then mark as solution

Login to vote
Chellu's picture

Awesome analysis..

Login to vote
RHN's picture

Thank you for this succint information. Now waiting for RU1

Login to vote
MaRRuT@CC's picture

well done! I hope that the tamper protection problem on a migration will be fixed then with symprotect =)

Login to vote