In fact, what we have it's a Windows Server Cluster running this specific web application constantly reading/writing in Oracle databases. When SEP is running,
CLUSTER LOGS:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2667608430-3576672997-1743003026-1496:
Process 1304 (\Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-2667608430-3576672997-1743003026-1496\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks
Process 864 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2667608430-3576672997-1743003026-1496\Printers\DevModePerUser
DATABASE LOGS:
[ default][10732]ut_read_reg:2:ocr registry key SOFTWARE\Oracle\olr cannot be opened. error 2
[ CLSE][10732]clse_get_crs_home: Error retrieving OLR configuration [0] [Error opening olr registry key. The system cannot find the file specified.]
Well, I think the problem is clear: Oracle is reading from registry in which is also been reading by SEP what causes the service to stop. What could be the best solution? Decrease scan type to a "fast" scan? Adding Oracle to exceptions will be enough? Preventing SEP from scanning registry? Other solution?