Symantec Endpoint Protection (SEP) client is observed to be using large amounts of CPU time or hanging on an Exchange server, particularly when trying to stop the SEP service.  In addition, the ProfileManagement.Dat file in C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config is abnormally large.

Release: 14.3 RU1 or newer.

The exact cause of this is not currently known but appears to be tied to the automatic exclusions applied by SEP on Exchange servers. 

This issue is currently under investigation for a permanent solution.  Until one is available, use this workaround:

Disable automatic exclusions

To disable the automatic exclusions:

• disable Tamper Protection through policy
• set the value to 1 (reg_dword) on the following registry key:

                    HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\ProductControl\IgnoreExchangeServer

                    On 64-bit systems running 14.3 RU5 or newer, this key is;

                    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\ProductControl\IgnoreExchangeServer

• Create manual exclusions for Exchange folders following Microsoft guidelines.
• Reboot server