Performance issues can occur when running scans with Symantec Endpoint Protection (SEP) for Linux. The rtvscand process (or sisamddaemon in SEP 14.3 RU1 and above) may consume above-average resources.
By default, SEP for Linux is configured to scan for the highest level of security, not the best performance. Auto-Protect may also consume additional resources when scanning compressed files, especially large archive formats (it can scan a maximum of 3 archive levels).
To increase scan performance:
To disable Auto-Protect scanning of compressed or remote files:
Note: If scanning of compressed files is required by your company's security policy, either perform the scan manually or set a scheduled scan during off-peak hours.
See also Disable Auto-Protect scanning of compressed files from the command line
Exclude the following directories to increase scan performance:
Note: SEP for Linux will try to scan these directories. At best, your system log will be clogged with "failed to open file" messages and performance will be slow. At worst, SEP may crash. See Endpoint Protection for Linux crashes during scan of system directories.
You can also exclude other large archival formats, such as mail stores and databases. For example, scans may occur on a database file every time it is read (reads can occur hundreds of times per second). This adds significant overhead and affects performance for both the application and the system.
Exclude any folder where a remote (shared) file system is mounted. Network shares should be scanned by their host, not by clients accessing them.
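To find the folders where a remote file system is mounted, the following shell function lists them from a mount table in /proc/mounts format. It is an added example, not part of the original article or of SEP; the function names, the sample table and the set of file system types treated as remote are assumptions to adjust for your environment.

```shell
#!/bin/sh
# Added example: list mount points backed by remote (network) file systems,
# as candidates for scan exclusions. Input is a table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# File system types treated as remote (assumption; extend as needed).
REMOTE_FS_TYPES="nfs nfs4 cifs smb3 smbfs afs ceph glusterfs fuse.sshfs 9p"

# list_remote_mounts [FILE]   (FILE defaults to /proc/mounts, "-" reads stdin)
# Prints "fstype<TAB>mountpoint" per remote mount, sorted and de-duplicated.
list_remote_mounts() {
    mounts_file="${1:-/proc/mounts}"
    awk -v types="$REMOTE_FS_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) remote[t[i]] = 1 }
        # The kernel escapes space, tab, newline and backslash as \NNN (octal).
        function unescape(s,    out, oct, code) {
            out = ""
            while (match(s, /\\[0-7][0-7][0-7]/)) {
                oct = substr(s, RSTART + 1, 3)
                code = substr(oct, 1, 1) * 64 + substr(oct, 2, 1) * 8 + substr(oct, 3, 1)
                out = out substr(s, 1, RSTART - 1) sprintf("%c", code)
                s = substr(s, RSTART + 4)
            }
            return out s
        }
        NF >= 3 && ($3 in remote) { print $3 "\t" unescape($2) }
    ' "$mounts_file" | sort -u
}

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
filer01:/export/home /home nfs4 rw,vers=4.2 0 0
//fs01/dept /mnt/dept\040share cifs rw,vers=3.0 0 0
tmpfs /run tmpfs rw,nosuid 0 0
EOF
}

# Demo on the constructed sample; call list_remote_mounts with no argument
# to inspect the live system instead.
sample_mounts | list_remote_mounts -
```

Review the listed mount points before adding them as exclusions, since an excluded share is only covered if its host scans it.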
Note: Starting with the SEP Linux 14.3 RU1 MP1 client, the Auto-Protect driver excludes pseudo file systems such as /proc, /dev, /sys, etc. by default. If the SEP Linux client is version 14.3 RU1 MP1 or higher, excluding the directories below is not required.
Creating exceptions policies in Endpoint Protection Manager
Configure scan exceptions in Endpoint Protection for Linux from the command line