I've been noticing really high winlogon i/o read bytes in the multi-gigabyte range. In troubleshooting a range of programs and services, the culprit is the "Proactive Threat Protection". As a test I uninstalled proactive threat protection and the i/o read bytes fell to the mb range.
What are my options? Obviously my policy will just reinstall Proactive and I don't really want to turn it off.
This looks like a tuning question more than anything else.
We are set on the defaults of "scan frequency" symantec default. I didn't set this up so it looks like the rest of the settings are default also.
The main symptom from my engineering users is this HIGH read/ i/o really slows down the workstation, creates constant hard drive activity and in general is making my engineering users life miserable.