The SymDaemon process may consume a high amount of CPU in Symantec Endpoint Protection (SEP) for Mac.
This can be caused by compressed file scanning in SEP for Mac, and some relief may be obtained by disabling compressed file scanning where it is unnecessary. There are otherwise some improvements that will be made to the SymDaemon process in the next version of SEP for Mac; this article will be updated as new information becomes available.
Compressed file scanning is typically not recommended, especially for AutoProtect. Extra CPU resources are required to decompress and examine such files. If there are any risks in compressed files they do not present a threat unless decompressed and SEP AutoProtect scanning would catch the risk if the file was decompressed during normal file operations.
If compressed file scanning has been disabled and symptoms persist, please open a case with Symantec Technical support. Enable symdaemon debug logging and gather the following data when SymDaemon CPU usage is high:
This was fixed in 12.1 RU6. An API call used to query the logged in user would cause CPU leaks to stack up while no user was logged in.
This was fixed in 12.1 RU6. There were some CPU threads, which are used to receive scan commands and execute them, still active in the system. This should not be the case since the threads are supposed to go off to a listen mode once it processes the incoming command. This was causing CPU threads to stack up and consume CPU.
Subscribing will provide email updates when this Article is updated. Login is required.