When running scans with Symantec Endpoint Protection for Linux, the computer has performance issues. The RTVSCAND component may also consume above average resources.
Endpoint Protection for Linux is configured by default to scan for the highest level of security, not the best performance. Auto-Protect may also consume additional resources when scanning compressed files, especially large archive formats (it can only scan 3 archive levels maximum).
To increase scan performance, you can disable scanning of compressed files or exclude directories that contain large archival file formats.
Note: If scanning of compressed files is required by your company's security policy, either perform the scan manually or set a scheduled scan during off-peak hours.
Disable scanning of compressed files from Symantec Endpoint Protection Manager (SEPM), version 12.1 RU5 (12.1.5337.5000) or later only (both Endpoint Protection for Linux and SEPM).
In SEPM, click Policies > Virus and Spyware Protection.
Select your antivirus (AV) policy, expand Linux Settings, and then under Protection Technology, select Auto-Protect.
On the Scan Details tab, click on Advanced Scanning and Monitoring, and uncheck Scan files inside compressed files (if checked)
Click OK to save the policy and assign it to the client group.
Excluding the following directories may increase scan performance:
You can also exclude other large archival formats, such as mail stores and databases. For example, scans may occur on a database file every time it is read (reads can occur hundreds of times per second). This adds significant overhead and affects performance for both the application and the system.