Symantec Endpoint Protection (SEP) client is observed to be using large amounts of CPU time or hanging on an Exchange server, particularly when trying to stop the SEP service. In addition, the ProfileManagement.Dat file in C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config is abnormally large.
Release: 14.3 RU1 or newer.
The exact cause of this is not currently known but appears to be tied to the automatic exclusions applied by SEP on Exchange servers.
This issue is currently under investigation for a permanent solution. Until one is available, use this workaround:
Disable automatic exclusions
To disable the automatic exclusions:
HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\ProductControl\IgnoreExchangeServer
On 64-bit systems running 14.3 RU5 or newer, this key is;
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\ProductControl\IgnoreExchangeServer