AMSI integration may cause a performance degradation in certain interactions


Article ID: 197096


Updated On:


Endpoint Protection


Symantec Endpoint Protection running on Windows 10 1903 or above may experience a performance degradation when interacting with certain applications. 


The "Enable Svchost.exe mitigation options" policy (EnableSvcHostMitigationPolicy) in Windows 10 1903+ and Windows Server security baselines causes the SymAMSI.dll plug-in to fail to load. 

SymAMSI.dll meets all Microsoft AMSI provider signing requirements, but will still fail to load if this Microsoft Security Policy is enabled. 


Disable the "Enable Svchost.exe mitigation options" Security Settings policy. 

  • System\Service Control Manager Settings\Security Settings - "Enable Svchost.exe mitigation options"

Microsoft has removed this option from their Security Baselines due to reported incompatibilities with multiple vendors.

See the below Microsoft articles for additional detail: