Solution:
The Scan Tuning feature in Symantec Endpoint Protection 11.x works by monitoring file Input and Output. If Symantec Endpoint Protection is doing most of the file IO, the scan will continue unthrottled. If another process is performing a large amount of IO then Symantec Endpoint Protection will throttle the scan until the IO caused by other processes is reduced. If a scan is throttled, Symantec Endpoint Protection will continue to scan but at a much slower speed.
Best Scan Performance – Symantec Endpoint Protection scans as fast as it can. No throttling is done. This is essentially the way legacy SAV scanned.
Balanced Performance – Symantec Endpoint Protection will throttle if other processes are doing a lot of IO. If other processes are doing some, but not a lot of IO, then Symantec Endpoint Protection will not throttle the scan.
Best Application Performance – Symantec Endpoint Protection gives preference to other applications. If other processes are doing some IO, Symantec Endpoint Protection will throttle the scan until the amount of IO by the other processes goes down.
Legacy versions for Symantec AntiVirus have a similar option called “Throttling”. The Throttling option works differently in that it changes the process priority for the scan. Symantec Endpoint Protection scan tuning does not change the scan process priority; instead, it uses the more efficient method of monitoring file IO as described above. For additional information on the legacy scan throttling please see the appropriate Symantec Client Security or Symantec AntiVirus Administrators Guide.