search cancel

High CPU usage for SEP Client on high file traffic servers


Article ID: 238038


Updated On:


Endpoint Security Complete


Servers experience spiking 90% CPU usage regularly. It happens consistently but goes below 60% often before going back to max CPU. Server types, such as a Print Server, constantly receive new files that exhibit this issue.


The Autoprotect policy can cause this issue when it is set to scan on read, modify, and execute. 

      • ScanOnExec: 1 (ApplyMode: ADMIN, Lock: 1)
      • ScanOnModify: 1 (ApplyMode: ADMIN, Lock: 1)
      • ScanOnRead: 1 (ApplyMode: ADMIN, Lock: 1)

This can be redundant, meaning the same file can be scanned several times if it is in use, before it is even changed. 
In a high capacity server this can make a large difference.


Release : 14.3 RUx


Set this to only scan on modify. See the following techdoc on scan performance:

Scans can also take a long time to complete on servers. For example, the scan may not be completing.

Auto-protect will use this scan data, so if it completes it will help it. It is recommended in this situation to increase the scan tuning. It is currently set to "10" which is the slowest option. If you set it to a lower number such as 5 or 8 and schedule it during off hours, this will help.