If it's a leak, it's HUGE as this is shortly after a total reboot.
I had a case open because the SEPM servers were being hammered and some workstations were totally taking all available bandwidth for the entire network - 6 meg worth.
Come to find out, it's a BUG with SEP/SEPM RU6a.
If you have a client at RU5 and have packages assigned to a group, and the computers in that group are supposed to update from the SEPM automatically, most do, but some will not, and they will totally suck all available bandwidth until no one can work.
The solution?
MANUALLY install RU6a on the clients. Don't do the group update package. Until all are totally upgraded from RU5 to RU6a, it kills the network.
These are clean new servers, the only thing on them is SEPM installed fresh from the RU6a package from Symantec.
SEPM is the only app causing us any woes at the moment.
Symantec still doesn't see this issue, but trust me, it exists in a huge way.
This isn't a matter of the SEPM sitting for days and gradually taking resources, this is happening within minutes of reboots. And, if you close the console and don't have any clients still back at RU5, then you won't see this issue at all.
LU does still bring the servers to their knees - the solution - stretch out the LU intervals and use other methods to get defs.
Sorry, RU6a is so buggy I can't recommend it. Stick with RU5 if at all possible.