High disk usage when Symantec Endpoint Protection clients update their virus and spyware definitions.


Article ID: 157757


Updated On:


Endpoint Protection


Disk I/O increases significantly for several minutes after a Symantec Endpoint Protection (SEP) 12.1 client updates is virus definitions.


Auto-Protect (AP) File cache optimization.


This issue has been resolved in Symantec Endpoint Protection version 12.1 Release Update 5 (RU5). Please upgrade to this version or higher to resolve this issue.


To work around this problem, modify the SEP client Virus and Spyware Protection policy to disable Rescan cache on new definitions load.

  1. Log in to the Symantec Endpoint Protection Manager (SEPM)
  2. Click Policies > Virus and Spyware Protection
  3. Select the policy you wish to update and click Edit the policy
  4. Click Auto-Protect > Advanced > File Cache
  5. Un-check Rescan cache when the new definitions load
  6. Save the policy changes and confirm your client receives the updated policy


Please note that disabling the rescan of Auto-Protect cache doesn't lower the protection provided by SEP clients.

For more details on this feature see the article: 

How does the "Rescan the cache when new definitions load" feature work in SEP?