
Endpoint Protection's Application and Device Control may cause slow performance where there is a large number of user profiles


Article ID: 172369


Products

Endpoint Protection

Issue/Introduction

SEP ADC (the Symantec Endpoint Protection Application and Device Control feature) may cause slow performance where there is a large number of Windows user profiles (thousands), such as on busy terminal/application servers. Slow application startup may be observed, particularly for processes running under administrative accounts. The symptoms cease when the ADC component is uninstalled or the sysfer driver is disabled/stopped. This appears to occur only on older Windows operating systems, such as Windows Server 2008 R2 and Windows 7. Symptoms are not observed on Server 2012 / Windows 8 or newer.

Cause

The slowdown is caused by Microsoft's implementation of the FindFirstVolumeMountPointW Windows API, which iterates through all user profile folders when the ADC sysfer driver is injected into a process running under an administrative account. SEP ADC needs to call this API; avoiding it would require a product redesign that would introduce other problems.

Environment

Windows 2008 R2, Windows 7

SEP ADC

Resolution

Symantec does not recommend installing the ADC component on older servers where there is such a large number of user profiles.

Or, if ADC must be installed, a newer operating system is recommended.
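
The conditions described in this article (affected OS release, ADC component loaded, very large profile count) can be checked on a server before deciding whether to deploy or keep ADC. The script below is an added example, not Symantec tooling; the threshold of 1000 profiles and the `sysfer*` module name pattern are assumptions, since the article only says "thousands" and "sysfer".

```powershell
# Added example, not Symantec tooling. Run on the server being assessed.
param(
    [int]$ProfileThreshold = 1000,      # assumed cut-off; the article only says "thousands"
    [string]$ModulePattern = 'sysfer*'  # assumed name pattern for the injected ADC module
)

function Test-AdcProfileRisk {
    param([string]$OsVersion, [int]$ProfileCount, [int]$Threshold, [bool]$AdcPresent)
    # NT 6.1 is Windows 7 / Server 2008 R2, the releases the article lists as affected.
    $affectedOs = $OsVersion -like '6.1.*'
    return ($affectedOs -and $AdcPresent -and ($ProfileCount -ge $Threshold))
}

# Get-WmiObject is used because it works in the PowerShell 2.0 shipped with these releases.
$os = Get-WmiObject -Class Win32_OperatingSystem

# Count real user profiles; Special marks system profiles.
$profiles = @(Get-WmiObject -Class Win32_UserProfile | Where-Object { -not $_.Special })

# The article says the component is injected into processes, so look for it in this one.
$injected = @(Get-Process -Id $PID | Select-Object -ExpandProperty Modules |
    Where-Object { $_.ModuleName -like $ModulePattern })
$adcPresent = $injected.Count -gt 0

$atRisk = Test-AdcProfileRisk -OsVersion $os.Version -ProfileCount $profiles.Count `
    -Threshold $ProfileThreshold -AdcPresent $adcPresent

# One summary object per host, suitable for collecting across a server fleet.
New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    OsVersion       = $os.Version
    UserProfiles    = $profiles.Count
    AdcModuleLoaded = $adcPresent
    MatchesArticle  = $atRisk
}
```

Run it from an administrative session, since the article notes the slowdown is most visible for processes running under administrative accounts.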