Users employ a macro which pulls data using an API and in which Symantec Endpoint Security (SES) appears to cause latency in process.
Administrators notice that when taking SES down to core files only, the network latency in the macro processes stops. Reintroducing Advanced Download Protection, which requires the AV parent component, reintroduces the problem. When only AV is enabled and advanced download protection is disabled, the problem also subsides.
Release : 14.3 RU3
Component : Default-Sym
AMSI, a component included with SEP 14.3 RU1 and later, provides scanning of command content. Currently there is no effective granularity for controlling false positives, exceptions, or policy modifications with AMSI.
Currently there is no effective option to manage AMSI exceptions with any degree of granularity and there is no deadline provided for such an offering. The workaround is to disable SES's AMSI component by following the directions at this link.
NOTE: Another workaround exists for scenarios where the Windows AMSI counterpart in Windows Server security interferes with the launch of the SEP AMSI component, which causes performance issues. That resolution involves disabling the Windows policy interfering with SEP's AMSI component's launch.