High disk usage when Symantec Endpoint Protection clients update their virus and spyware definitions.

book

Article ID: 157757

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Disk I/O increases significantly for several minutes after a Symantec Endpoint Protection (SEP) 12.1 client updates is virus definitions.

Cause

Auto-Protect (AP) File cache optimization.

Resolution

This issue has been resolved in Symantec Endpoint Protection version 12.1 Release Update 5 (RU5). Please upgrade to this version or higher to resolve this issue.

 

To work around this problem, modify the SEP client Virus and Spyware Protection policy to disable Rescan cache on new definitions load.

  1. Log in to the Symantec Endpoint Protection Manager (SEPM)
  2. Click Policies > Virus and Spyware Protection
  3. Select the policy you wish to update and click Edit the policy
  4. Click Auto-Protect > Advanced > File Cache
  5. Un-check Rescan cache when the new definitions load
  6. Save the policy changes and confirm your client receives the updated policy

 

Please note that disabling the rescan of Auto-Protect cache doesn't lower the protection provided by SEP clients.

For more details on this feature see the article: 

How does the "Rescan the cache when new definitions load" feature work in SEP?
http://www.symantec.com/docs/TECH191600