are u trying to install all the componentsof SEP?
like Antivirus /antispyware
ptp
ntp?
try just installing av/AS and check the load

As Rafeeq told.NTP shold be the issue.Anyway have a look in below doc also

Symantec Endpoint Protection Client configuration changes
for performance optimization

 Sorry...we only install the antivirus/antispyware component.

The server also shows very little load when the issue occurs.

Whether you tried my suggestions? 

Not yet...will try these things tonight:

Communication settings
Disable tamper protection

(Network drive scanning is off and scheduled scan was already running at a non-intrusive time)

 Tried those settings but it was slow again for the users this morning.  Have uninstalled it again for now to allow the users to work.

Any other suggestions?

Have a look in below article and assure that all necessary exclusions re done.(By default SEP will exclude for dc anyway just confirm.
Virus scanning recommendations for computers that are running currently supported versions of Windows 

For confirming the exclusions refer below article
How to Verify if an Endpoint Client has
Automatically Excluded an Application or Directory
-------------------------------------------------------------------------------------------------------------------
Only install AV/AS ,remove any mail scanning component of AV/AS also.

 Will check the exclusions at the next install (didn't do it last night)

How can I verify that I'm not installing any mail scanning component?  I have just been exporting the package from Admin -> Install Packages.  Should I use the deployment wizard instead?

Out of curriosity having dealt with an A/V compatibility problem a few years back that sounds extreemely similar to yours:

How many files are in your 1 TB of files?
How many users connect at a given time?
By chance do you have non-Windows clients connecting (like Macs/Linux)?

A few years back, I was having trouble with any A/V (I tried several products) running on one of my file servers.  Using process monitoring tools, I was able to track down that systems were not "letting go" of files when they were done with them.  Somehow A/V, regardless of the vendor, caused the problem to become worse.  Interestingly, all of the files that were left open came from Macs that were connecting.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008112414453348?Open&seg=w 

The SEP client is not installed on our Citrix servers.  We use McAfee as SEP would be a dog on terminal servers.

Try by adding scanning exclusion for ntuser.dat/ntuser.man  files.. 

 We have a 2003 DC/file server hosting about the same amount and type of data and we haven't had any issues on it with SEP so it has to be a specific issue with 2008.

See whether this can help you in this
Configuring opportunistic locking in Windows 

Hi Stix,

By default, SEP's Auto-Protect scans files as they are written from your computer to a remote computer. Auto-Protect also scans files when they are written from a remote computer to your computer.  It is possible to configure whether or not your Auto-Protect trusts files on the remote computers that run Auto-Protect.  You can also specify whether or not your computer should use a cache to store a record of the files that Auto-Protect scans from a network.  Adjusting those settings may improve performance on your Windwos 2008 Serevr.

Configuring Network Scan Settings in Symantec Endpoint Protection

Thanks and best regards,

Mick

 Well, the plot thickens...

I investigated the "slowness" myself and discovered that the issue is very specific.

The user's application data directory is redirected to their shares, ie \\FILE-SERVER\user\Application Data

When the users have an xla file in \\FILE-SERVER\user\Application Data\Microsoft\Excel\XLSTART, Excel takes ages to open an Excel file.  If that file isn't in there, Excel opens files immediately.

And the kicker...if Auto Protect is enabled on the file server with the xla file present, Excel takes ages top open files.  If Auto Protect is disabled, Excel opens files immediately even with the xla file still there!

So SEP is doing something with the xla file when Excel opens!

I tried adding an exception for the xla extension and even the whole folder for the user, but the issue still remains.  The trouble is, all the staff must definitely have this xla file present.

I can easily replicate the issue - how do we go about contacting Symantec support?  Do we have to have support purchased?

Any other thoughts now?

 In order to open a phone case with Symantec you will have to have Support purchased. Details of how to open a case can be found here:

Process for opening a case to resolve technical issues

http://service1.symantec.com/support/custserv-ent.nsf/854fa02b4f5013678825731a007d06af/1a0a181d52a15af58825757f00655df1?OpenDocument

Cheers
Grant

Have already opened a support case.

The first time on the phone, I was on hold for an hour.  Hung up as I had another appointment.

The second time, I was on hold for an hour and a half then they hung up.