Endpoint Protection

  • 1.  100% Hard drive activity each time SEP received a new definition

    Posted May 13, 2014 11:21 AM

    Hi all, for several months I have noticed that each time SEP (12.1 RU4 MP1) receives a new definition, my hard drive activity grows to 100% for 20 minutes.

    Each time a new version of SEP is released, I hope that this bug will be fixed. But the latest version still has this bug.

    Does a solution exist?



  • 2.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted May 13, 2014 11:23 AM

    You can turn this off, see this article:

    How to turn off Active Scan when new definitions arrive



  • 3.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted May 13, 2014 11:40 AM

    Check this article

    Symantec Endpoint Protection client shows high CPU usage immediately after virus definition updates.

    Article:TECH170756  |  Created: 2011-09-29  |  Updated: 2011-10-17  |  Article URL http://www.symantec.com/docs/TECH170756


  • 4.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted May 13, 2014 11:47 AM

    Issue

    Immediately after downloading and applying definitions, either from the Symantec Endpoint Protection Manager (SEPM) or through LiveUpdate, the CPU usage of the Symantec Endpoint Protection (SEP) 12.1 client becomes very high for ten to fifteen minutes. ccSvcHst.exe is reported as being the process responsible for the high CPU usage.

    Environment

    Observed on Windows XP SP3 using the SEP 12.1 RTM build on systems with MS KB 2616676 also installed.

    Cause

    This problem appears to be caused by a memory leak issue that occurs with MS KB 2616676 installed. This may result in unexpected behavior from ccSvcHst.exe.

    Solution

    It has been reported to Symantec that applying Microsoft Hotfix KB 959658 to impacted systems resolves this issue. This hotfix is designed to address issues caused by MS KB 26166763.
     

     

    I don't believe this applies in this case



  • 5.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted May 13, 2014 12:25 PM

    Might also be worth disabling the file cache rescan option in your AV Policy (in addition to disabling the Active Scan).  This has been known to help with performance:

    http://www.symantec.com/docs/TECH191600



  • 6.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted May 14, 2014 03:21 AM

    Hi _Brian, thanks for your answer. This option is already unselected.



  • 7.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted May 14, 2014 03:23 AM

    This article didn't apply to this issue (CPU usage on Windows XP vs. HD usage on Windows 7)



  • 8.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted May 14, 2014 03:29 AM

    Hi SMLatCST, thanks for your answer. I will try that today.



  • 9.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted Jun 26, 2014 11:50 AM

    Hi, today I've received two new definitions (10h27 and 17h31) and each time my hard drive was at 100% activity.

     



  • 10.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted Jun 26, 2014 11:53 AM

    Did you follow SMLatCST's advice?



  • 11.  RE: 100% Hard drive activity each time SEP received a new definition

    Posted Jun 26, 2014 12:40 PM

    Yes, these two options are deactivated.