I think I saw this when we first started seeing the new 12.1.1 clients get installed. There was no HDD light issue but we don't comnnect the clients to SEPM for updates; we go straight to Symantec. We have Bluecoat controlling access to the Internet so we saw repeated Internet signons popping up without the user having a browser open.
We had to make sure we had exclusions (both whitelisting in Blue Coat and in exceptions). The two URLs were:
ent-shasta-mr-clean.symantec.com
ent-shasta-rrs.symantec.com
(I thought they would have *.symantec.com whitelisted but no, just specific ones)
Also check the reboot status (needs reboot) of some of the machines. We kept getting "needs reboot to install features of Network Threat Protection". Note that Sonar and Insight seem to be related to the Anti-virus product more than NTP. Finally, I also checked the policy boxes to always disable Windows Firewall when running Symantec (re-enables upon uninstall). Unfortunately, could tell what fixed most of the issue but our systems settled down after all that. Hope that any of this will help.
Howie