Disk I/O increases significantly for several minutes after a Symantec Endpoint Protection (SEP) 12.1 client updates is virus definitions.
Auto-Protect (AP) File cache optimization.
This issue has been resolved in Symantec Endpoint Protection version 12.1 Release Update 5 (RU5). Please upgrade to this version or higher to resolve this issue.
To work around this problem, modify the SEP client Virus and Spyware Protection policy to disable Rescan cache on new definitions load.
Please note that disabling the rescan of Auto-Protect cache doesn't lower the protection provided by SEP clients.
For more details on this feature see the article:
How does the "Rescan the cache when new definitions load" feature work in SEP?