
High CPU usage for SEP Client on high file traffic servers


Article ID: 238038


Products

Endpoint Security Complete

Issue/Introduction

Servers regularly experience CPU usage spiking to 90%. The spikes occur consistently, with usage often dropping below 60% before returning to maximum. Server types that constantly receive new files, such as a Print Server, exhibit this issue.

Cause

The Auto-Protect policy can cause this issue when it is set to scan on read, modify, and execute.

      • ScanOnExec: 1 (ApplyMode: ADMIN, Lock: 1)
      • ScanOnModify: 1 (ApplyMode: ADMIN, Lock: 1)
      • ScanOnRead: 1 (ApplyMode: ADMIN, Lock: 1)

This can be redundant: the same file can be scanned several times while it is in use, before it is even changed.
On a high-capacity server this can make a large difference.

Environment

Release : 14.3 RUx

Resolution

 
Set Auto-Protect to scan only on modify. See the following techdoc on scan performance:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/preventing-and-handling-virus-and-spyware-attacks-v40739565-d49e172/adjusting-scans-to-improve-computer-performance-v43247410-d49e443.html
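To check several servers for the configuration described under Cause, the added example below (not Broadcom code) parses settings text in the `ScanOnExec` / `ScanOnModify` / `ScanOnRead` line format shown above and classifies it as the redundant state or the modify-only state from the Resolution. It assumes the settings have already been collected as text; the sample inputs are constructed, and reading a value of `0` as "disabled" is an assumption.

```python
import re

# Matches one settings line in the format shown under Cause, e.g.
#   • ScanOnRead: 1 (ApplyMode: ADMIN, Lock: 1)
SETTING_RE = re.compile(
    r"^\W*(?P<name>ScanOn(?:Exec|Modify|Read))\s*:\s*(?P<value>\d+)"
    r"(?:\s*\(ApplyMode:\s*(?P<mode>\w+),\s*Lock:\s*(?P<lock>\d+)\))?\s*$"
)
TRIGGERS = ("ScanOnExec", "ScanOnModify", "ScanOnRead")

def parse_triggers(text):
    """Return {setting: {"enabled", "apply_mode", "lock"}} for each trigger line found."""
    found = {}
    for line in text.splitlines():
        m = SETTING_RE.match(line)
        if m:
            found[m["name"]] = {
                "enabled": m["value"] == "1",  # 1 = on, as shown on the page; 0 = off is assumed
                "apply_mode": m["mode"],
                "lock": m["lock"],
            }
    return found

def assess(text):
    """Classify settings text as 'redundant', 'modify-only', 'other' or 'incomplete'."""
    triggers = parse_triggers(text)
    missing = [name for name in TRIGGERS if name not in triggers]
    if missing:
        return "incomplete", missing      # do not guess a state from partial data
    enabled = sorted(name for name, s in triggers.items() if s["enabled"])
    if len(enabled) == len(TRIGGERS):
        return "redundant", enabled       # read + modify + execute: the state under Cause
    if enabled == ["ScanOnModify"]:
        return "modify-only", enabled     # the state recommended under Resolution
    return "other", enabled

# Constructed sample inputs: the first repeats the lines under Cause,
# the second is what the same text would look like after the change.
CAUSE_STATE = """
      • ScanOnExec: 1 (ApplyMode: ADMIN, Lock: 1)
      • ScanOnModify: 1 (ApplyMode: ADMIN, Lock: 1)
      • ScanOnRead: 1 (ApplyMode: ADMIN, Lock: 1)
"""
RESOLVED_STATE = """
ScanOnExec: 0 (ApplyMode: ADMIN, Lock: 1)
ScanOnModify: 1 (ApplyMode: ADMIN, Lock: 1)
ScanOnRead: 0 (ApplyMode: ADMIN, Lock: 1)
"""

if __name__ == "__main__":
    for label, text in (("cause", CAUSE_STATE), ("resolved", RESOLVED_STATE)):
        print(label, assess(text))
```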

Scans can also take a long time to complete on servers. For example, the scan may not be completing.

Auto-Protect uses this scan data, so a scan that completes helps Auto-Protect. In this situation, it is recommended to increase the scan tuning. It is currently set to "10", which is the slowest option. Setting it to a lower number, such as 5 or 8, and scheduling the scan during off hours will help.