You notice the Symantec Protection Engine (symcscan on Linux) process take 100% CPU utilization until the service is manually terminated. If the scanner is enrolled in the Centralized Cloud Console, you instead see the Symantec Protection Engine process taking 50% CPU utilization with the Symantec CAF Service (cafservicemain on Linux) service taking 50% CPU utilization until the services are manually terminated.

There is an unexpected interaction between Tanium and Protection Engine (SPE) that causes the services mentioned above to enter a state that utilizes all CPU resources.

• SPE 8.0 through SPE 8.2.1
• Tanium

This issue will be fixed in SPE 8.2.2. Please update to SPE 8.2.2 as soon as it is available. A workaround is available if upgrading is not feasible.

Workaround

You can exclude ports 9001 and 9002 from Tanium scanning on any SPE scanner. This will prevent the interaction that causes the issue.