Software that performs very repetitive network file access is slower with SEP installed

book

Article ID: 159313

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

With Symantec Endpoint Protection (SEP) Antivirus component 12.1 installed, a piece of software that performs very repetitive network file access is slower to start or to work with.

  • The software is accessing a large number of files or queries a large number of directories over a UNC path or mapped drive.
  • The slowness is seen with only the Antivirus component of SEP installed.
  • The slowness is seen even with the Network Scanning feature disabled.
  • The slowness does not go away when using file or folder exclusions.

 

Cause

The Auto Protect Network Trust feature within SEP adds two registry keys that disables a part of the SMB2 Client Redirector Cache. The keys are necessary for reliable operation of the trust feature, but can be removed if trust is not used (or if network scanning is disabled altogether).

For further details about the SMB2 Client Redirector Cache please see:
http://technet.microsoft.com/en-us/library/ff686200%28v=ws.10%29.aspx

 

Resolution

  • Remove the following two registry values that were added by the SEP installation:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters
    Value: FileNotFoundCacheLifetime
    Value: DirectoryCacheLifetime
     
  • Uncheck the "Trust files on remote computers running Auto-Protect" option in the "Network Scanning Settings" section of the SEP Autoprotect Advanced Options.
     
  • Reboot to make the registry changes take effect.