Consistent high CPU usage for com.broadcom.mes.systemextension is present. This occurs even when the system is idle with no user application activity.
Endpoint Protection for Mac 14.3 Release Update 2 and Release Update 3.
After collecting a CPU sample of the process, either manually or by using the GatherSymantecInfo tool, the CPU sampling can be reviewed to look for these two entries:
SecStaticCodeCheckValidityWithErrors
and
Security::CodeSigning::SecStaticCode::staticValidate
These are calls to get the process signer calculations to verify the process is valid.
The process signature information once calculated was not cached and this operation repeatedly used an extensive amount of CPU.
This issue is fixed in the Symantec Endpoint Protection (SEP) 14.3.5.0 (RU5) Mac client.
For information on how to obtain the latest build of SEP, see Download Symantec software, tools, and patches.
With the RU5 Mac client, the process signature information is cached to reduce the amount of signature calculations as that operation is expensive.
References:
Troubleshooting high CPU usage with com.broadcom.mes.systemextension
CRE-10635
ESMAC-2763
ESMAC-3292