Customers may experience situations where SAVFMSECTRL.exe process, which is part of Symantec Mail Security for Microsoft Exchange (SMSMSE), is consuming excessive RAM memory.

The OS will log a low memory event similar to the one below and eventually crash:

"Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: SAVFMSECTRL.exe (8972) consumed 145605464064 bytes, w3wp.exe (31344) consumed 1782759424 bytes, and MSExchangeFrontendTransport.exe (10736) consumed 810184704 bytes."

SMSMSE 7.10 with antivirus definitions from before 7th October 2022.

The issue was caused by signer based detections. The STAR Team remediated it and released updated definitions dated 20221007.025.

Customers should run LiveUpdate on their SMSMSE servers and ensure the content from 7th October or later was successfully installed.