@Brian & hamad3914
The server with really long scan times that I've been testing is a domain controller. It doesn't at any large files or archives that I'm aware of. Largest files are SEP's definitions archive and the security event log which reaches 256MB and gets archived to a different machine.
I enabled debug logging and there was a few instances where the VM was too busy and throttled itself with the message below.
22:11:05.331984[_1768][_5200]|ScanThrottling: User is not Idle. Sleeping 3000 ms for the Best Application Performance scan.
Most of the log was filled with the message below.
03:53:46.814367[_1768][_5200]|CheckInfestationMode: not time to analyze, over max 300 and checking only every 30 files
03:53:46.816701[_1768][_5200]|CSavScanSink::OnSkippedFileScan: Skipping file \\?\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\MigrateUserScans.exe, reason 1
The scan took over 16 hours which is way too long.
hamad3914 mentioned that it could be trusted files take longer to scan. I set up shared insight cache expecting it to decrease scan times...is it possible it could be doing the opposite? How could that be and what should I do to correct it?
Edit;
Typos