Symantec Endpoint Protection (SEP) client computers become slow or unresponsive. The ccsvchst.exe process uses up to 50% or more CPU for long periods of time after restarting the computer, or updating SEP policies.
The Serdef.dat, Server.dat and Backup.dat files in the C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config folder on the SEP client grow to be over 5 MB in size.On the Symantec Endpoint Protection Manager, the Profile.xml files for the groups the affected clients belong to grow to the same size. Profile.xml can be found on the SEPM in: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Data\Outbox\agent\
One or more replication partner sites that have been migrated from SEPM 11.x to 12.1.
This problem specifically happens during the migration process from SEPM 11.x to 12.1 in replication environments. It occurs when a change is made to a LiveUpdate Content policy on an 11.x SEPM which is then migrated to 12.1 before the policy change can be replicated to its partners. This causes a mismatch in policy information, which causes the same information to be appended to the LiveUpdate content policy repeatedly each time replication occurs. As the LiveUpdate content policy grows in size, it uses more and more network bandwidth to transfer and causes higher and higher resource usage on the SEP client to process the policy.
The affected LiveUpdate Content policy must be recreated to remove the data inconsistency. After recreating the policy, the original policy can be deleted. Since this problem can only happen during a migration from 11.x to 12.1, it will not recur after replacing the affected policies.
Subscribing will provide email updates when this Article is updated. Login is required.