CPU usage for lsass.exe increases after migrating Symantec Endpoint Protection (SEP) Release Update 5 (RU5) or newer. This is seen on systems with limited resources connecting to encrypted network shares.
This is an unintended side-effect of changes made to the AutoProtect component of SEP RU5. The change was made to resolve issues with files that are affected by Opportunistic Locking. After RU5, AutoProtect will cause lsass.exe to query files that are locked by Opportunistic Locking multiple times. In environments with very little free resources, this will cause the system's performance to slow, and the CPU usage of lsass.exe to increase significantly.
Note: Because of the nature of this issue, the fix in RU6 MP3 is not enabled by default. Please contact Symantec Support in order to confirm the issue and receive instructions on activating the necessary changes.
Program is designed to access a database on an encrypted network share, copying data from this share down as temp data.
Imported Document ID: TECH140986
Subscribing will provide email updates when this Article is updated. Login is required.