100% Disk Use by Symantec Endpoint Protection (15rd April 2013)
Look out for the processes rtvscan.exe and lucallbackproxy.exe by using Task Manager, Performance tab, Resource Monitor button, then select the Disk tab. They spawn lots of extra processes, some only show up as System by Symantec is behind them!
Symantec, may I suggest that you don’t start a full system scan when a fullscreen application is running? And maybe don’t grab 100% of my system resources for 4-5 hours at a time?
The administrator policy at my workplace does not allow pausing and snoozing of Symantec scans. If your company uses this software, please, let your employees do this.
Context
In the middle of watching a TV show from my Freeview HD USB stick, this anti-virus software decided to run it’s scan. And it used almost 100% of the disk resources to do it.
So I’m going to moan about it for a while.
This brought our TV show to a gradually degrading, then stuttering mess of unintelligable audio frames on a blank screen. We couldn’t finish the show later because the scan ran all evening.
It’s such an obnoxious thing to do. It ruined our plans for a quiet night in front of the TV. All anti-virus programs I’ve used in recent years don’t run themselves if a fullscreen program is open. This is obviously better!
When I left it alone for while, the laptop went to sleep. I had to wake the laptop and put it in Presentation mode for the scan to continue running. That means my morning routine is also ruined because I can’t pack my bag tonight.
It Changes the Registry
Why has it done this? More settings to research…although I can’t do that now because the scan is freezing up Firefox for seconds at a time.
| Event | Computer | User | Logged By | Description | Date and Time |
|---|---|---|---|---|---|
| Configuration Changed | BEN-LAPTOP | Administrator | System | New Value HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Quarantine\ForwardingEnabled = 0
| 2013-04-15 12:19:17 |
| Configuration Changed | BEN-LAPTOP | Administrator | System | New Value HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Quarantine\ForwardingPort = 33
| 2013-04-15 12:19:17 |
| Configuration Changed | BEN-LAPTOP | Administrator | System | New Value HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Quarantine\ForwardingServer = [Empty]
| 2013-04-15 12:19:17 |
| Configuration Changed | BEN-LAPTOP | Administrator | System | New Value HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security\UseScanNetDrivePassword = 0
| 2013-04-15 12:19:17 |
| Configuration Changed | BEN-LAPTOP | Administrator | System | Changed value HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\APESleep from 30 to 5
| 2013-04-15 12:19:17 |
Alternative Programs
AVG was bearable but still not good enough. Windows Security Essentials has been alright. It does lag the startup for a minute but I usually Sleep rather than Shut Down the laptop.
It also seemed to be fighting with Windows Security Essentials as MsMpEng.exe started creeping up the Disk tab in Resource Monitor.
The sad thing is the company I’m now working at only allows ‘protected’ machines to use their network and I’m due to be there for 3 months.
Alternative Settings
Can we negotiate a profile of settings which provides adequate security without making the machine grind to a halt every Monday evening? If so, why don’t Symantec set that as the default? Stay tuned to find out…
Tuesday evening would be OK. The machine tends to sleep all evening on a Tuesday. It could wake up the machine and run after a prolonged spell of sleep while plugged in after office hours but before typical bedtime.
That would be the smart and polite thing to do.