High disk usage when Symantec Endpoint Protection clients update their virus and spyware definitions.
search cancel

High disk usage when Symantec Endpoint Protection clients update their virus and spyware definitions.

book

Article ID: 157757

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

Disk I/O increases significantly for several minutes after a Symantec Endpoint Protection (SEP) client updates it's virus definitions.

Environment

SEP 14.x

Cause

By default, when the virus definitions are updated on a client, a rescan of the file cache will be initiated.

Resolution

To work around this issue, modify the SEP client Virus and Spyware Protection policy to disable Rescan cache on new definitions load.

  1. Log in to the Symantec Endpoint Protection Manager (SEPM)
  2. Click Policies > Virus and Spyware Protection
  3. Select the policy you wish to update and click Edit the policy
  4. Click Auto-Protect > Advanced > File Cache
  5. Un-check Rescan cache when the new definitions load
  6. Save the policy changes and confirm your client receives the updated policy

 

Please note that disabling the rescan of Auto-Protect cache doesn't lower the protection provided by SEP clients.

For more details on this feature see the article: 

How does the "Rescan the cache when new definitions load" feature work in SEP?
https://knowledge.broadcom.com/external/article/156652

 

An alternative resolution is the disable the Auto-Protect cache in the Antimalware policy

  1. Log in to the Symantec Endpoint Security console 
  2. Click Policies 
  3. Select the Antimalware policy you wish to update 
  4. Click Show Advanced  next to Enable Auto-Protect 
  5. Un-check Enable file cache
  6. Confirm your client receives the updated policy
Powered by Wolken Software