upgarde to 11.0.6 and check the version.

Hello,

Make sure you are carrying the Latest version of SEP 11.0.6300.

Are there any Network mapped drives on the machine??

Exclude the mapped network drives from scheduled scans on SEP clients.

Instead, perform scheduled scans on these drives from the server to which they are attached.

http://www.symantec.com/docs/TECH97017

Technically speaking, RU6 MP3 is not the latest version. RU7 (11.0.7000.975) or SEP 12.1 would be the latest.

I want her to not to notice this scan is running on her machine.

You can try using the 'scan tuning options' document noted below, but even with 'best application performance' chosen, there is bound to be some kind of performance hit when a scheduled scan is running during those times she's working. In all honesty your best bet is to run the scan after hours (provided she is not habitually turning the machine off at night) and/or disable scanning of compressed files (scanning compressed files makes the scan take longer, it's processor intensive, and the contents of the compressed files would be scanned by Auto-Protect when uncompressed).

Symantec Endpoint Protection scan tuning options
http://www.symantec.com/docs/TECH105706

This may also be of use:

Symantec Endpoint Protection Client configuration changes for performance optimization
http://www.symantec.com/docs/TECH102711

I need to know how to monitor this process what settings to set in perfmon.

I don't really have advice on Performance Monitor settings, but if you're looking to throttle the process, use the scan tuning options.

sandra

Tuning the configuraiotn will help, If this only happened on few machines, I would recommend to run some tools to check what rtvscan attempted to scan, filemon, regmon and others are pretty good tools to start with.