search cancel

Endpoint Protection's Application and Device Control may cause slow performance where there is large number of user profiles


Article ID: 172369


Updated On:


Endpoint Protection


SEP ADC (Symantec Endpoint Protection Application and Device Control feature) may cause slow performance where there is large number of Windows user profiles (thousands), such as on busy terminal/application servers. Slow application startup may be observed particularly for processes running under administrative accounts. The symptoms cease when the ADC component is uninstalled or the sysfer driver is disabled/stopped. This appears to occur only under older Windows operating systems, such as Windows Server 2008 R2 and Windows 7. Symptoms are not observer on Server 2012 / Windows 8 or newer.



The cause of the slowdown is due to Microsoft's implementation of the FindFirstVolumeMountPointW Windows API, which introduces an iteration through all user profile folders when the ADC sysfer driver is injected into a process running under an administrative account. SEP ADC needs to call this API; it is unavoidable without a product re-design that would introduce other problems. 


Windows 2008 R2, Windows 7



Symantec does not recommend installing the ADC component on older servers where there is such a large number of user profiles.

Or, if ADC must be installed, a newer operating system is recommended.