Endpoint Protection client process hang / high CPU usage on Microsoft Exchange servers
search cancel

Endpoint Protection client process hang / high CPU usage on Microsoft Exchange servers

book

Article ID: 259430

calendar_today

Updated On:

Products

Endpoint Security

Issue/Introduction

Symantec Endpoint Protection (SEP) client is observed to be using large amounts of CPU time or hanging on an Exchange server, particularly when trying to stop the SEP service.  In addition, the ProfileManagement.Dat file in C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config is abnormally large.

Environment

Release: 14.3 RU1 or newer.

Cause

Problem in processing MS Exchange exclusions in certain situations

Resolution

This issue has been resolved in SEP 14.3 RU8

For older releases, please refer to the workaround below:

Disable automatic exclusions

To disable the automatic exclusions:

  • disable Tamper Protection through policy
  • set the value to 1 (reg_dword) on the following registry key:

                    HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\ProductControl\IgnoreExchangeServer

                    On 64-bit systems running 14.3 RU5 or newer, this key is;

                    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\ProductControl\IgnoreExchangeServer

  • Create manual exclusions for Exchange folders following Microsoft guidelines.
  • Reboot server