Recommendations for High AMD CPU on DCS or SEP on a Unix Agent


Article ID: 255156


Products

Data Center Security Server Advanced
Endpoint Protection

Issue/Introduction

The following are recommendations for addressing high AMD CPU usage.

Note that each environment is different: the size of the files and folders being scanned, as well as the resources available on the server, need to be taken into account.

 

Environment

Release : 6.9.2+
SEP 14.3 RU4+

Resolution

Things to do first:

  • Exclude scanning NFS mounts
  • Add exclusions for known good applications


DCS Example Shown Below
NOTE: For SEPFL, you must enter the exclusions as outlined in the SEP Exceptions Policy, because any exclusions manually entered for SEP Agents will not be processed.

After mounts are excluded and known good exclusions are added, if you still see issues, please try the following:

  • Reduce archive scan level from default '10' to '0'

    1. Stop the AMD service: /etc/init.d/sisamdagent stop

    2. Edit the configuration file: vim /opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini   (save the changes)

....
[Scanner]
#Maximum archive level.
#Max value INT64_MAX.
#Requires service restart to apply.
scanner.max.container.depth=0

    3. Start the AMD service: /etc/init.d/sisamdagent start

 

  • Increase the on-demand scan threads in AntiMalware.ini (Note: this can increase performance but may also increase scan CPU)

    1. Stop the AMD service: /etc/init.d/sisamdagent stop

    2. Edit the configuration file: vim /opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini   (save the changes)

Find the thread setting you want to increase and change its value to one higher than 4 but not exceeding 16.

#Max number of Scan threads can be 16.
#Requires service restart to apply.
amdmanagement.ondemand.scan.threads=4
#Max number of AutoProtect Scan threads can be 16.
#Requires service restart to apply.
amdmanagement.ap.scan.threads=4

    3. Start the AMD service: /etc/init.d/sisamdagent start
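
The two AntiMalware.ini edits above can be made with a small helper that validates the value and keeps a backup before changing the file. This is an added example, not vendor code; the function name set_amd_key, the .bak backup suffix and the lower bound of 1 thread are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Sets one numeric key in AntiMalware.ini after
# validating it against the limits quoted in the article, keeping a backup copy.
# Stop sisamdagent before calling this and start it afterwards, as in the steps.

AMD_INI_DEFAULT=/opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini

# set_amd_key KEY VALUE [FILE]   (hypothetical helper name)
set_amd_key() {
    key=$1 value=$2 file=${3:-$AMD_INI_DEFAULT}

    # The value must be a non-negative integer.
    case $value in
        ''|*[!0-9]*) echo "value must be a non-negative integer: $value" >&2; return 2 ;;
    esac

    # Only the numeric keys discussed in the article are accepted.
    case $key in
        scanner.max.container.depth) ;;
        amdmanagement.ondemand.scan.threads|amdmanagement.ap.scan.threads)
            # The ini comments state a maximum of 16; the minimum of 1 is an assumption.
            if [ "$value" -lt 1 ] || [ "$value" -gt 16 ]; then
                echo "$key must be between 1 and 16" >&2; return 2
            fi ;;
        *) echo "unsupported key: $key" >&2; return 2 ;;
    esac

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Refuse to guess a section: the key must already exist, uncommented.
    pattern=$(printf '%s' "$key" | sed 's/\./\\./g')
    grep -q "^${pattern}=" "$file" || { echo "$key not found in $file" >&2; return 1; }

    # Keep the original so the change can be rolled back.
    cp -p "$file" "$file.bak" || return 1

    # Rewrite via a temp file, then write back in place to keep owner and mode.
    tmp=$(mktemp) || return 1
    sed "s/^${pattern}=.*/${key}=${value}/" "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Each call overwrites the previous .bak file, so copy the backup elsewhere first if you want to preserve the state from before a series of changes.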

 

This should be the last option to try, as it can impact scan performance. (This caps each CPU at 40% for AMD, so if you have 4 cores, you could still see a maximum of 160% CPU being used.)

  • Set CPU quota to limit CPU

To set a 40% quota for sisamddaemon, use the command below:

systemctl set-property --runtime sisamddaemon CPUQuota=40%

(Note: These settings will be lost on system reboot unless you create a cron job on startup)

 

If further investigation is needed, enable AMD trace logging and profiling to see what is being scanned.

AMD trace logging:

[<user>@<hostname>]# /etc/init.d/sisamdagent stop

[<user>@<hostname>]# vi /opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini

amdmanagement.antimalware.trace.level=trace

[<user>@<hostname>]# /etc/init.d/sisamdagent start

 

Enable profiling to see what is being scanned:

su - sisips -c "/opt/Symantec/sdcssagent/IPS/sisipsconfig.sh -approfile 10"

After you execute the command, profiling continues for 10 minutes. Then copy the file below and share it with support, along with a trace-enabled GAI.

/var/log/sdcsslog/amdlog/profile.log