High CPU usage when 500 or more exclusions are used with Endpoint Protection
search cancel

High CPU usage when 500 or more exclusions are used with Endpoint Protection

book

Article ID: 252083

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

With Endpoint Protection (SEP) or Endpoint Security (SES) installed, elevated or high CPU usage is seen for the ccSvcHst.exe process. 

Environment

Release : 14.3 RU5 and older

Cause

When more than 500 hash based exclusions are configured in the White List or Exceptions policy, SEP will utilize higher CPU resources in order to read and update the exclusion list. 

Resolution

This issue is fixed in Symantec Endpoint Protection 14.3.7.0 (RU7).  For information on how to obtain the latest build of SEP, see: Download Symantec software, tools, and patches. 

For older clients, reduce the number of hash based exceptions to 500 or less. 

Additional Information

Symptoms:

1. In procmon log will find ProfileManagement.dat file is being read over & over again.

C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.8268.5000.105\Data\Config\ProfileManagement.dat

2. ProfileManagement.dat will likely also be quite large, 50Mb+ 

Powered by Wolken Software