Table of Contents

Symantec Endpoint Protection
- 12.1
  - Tech Notes
- Notes

Symantec Endpoint Protection

12.1

Tech Notes

About Symantec Endpoint Protection product guide locations
Third-party security software removal support in Symantec Endpoint Protection 12.1.2 and later

Notes

File System Auto-Protect does not scan inside archives

The File System Auto-Protect functionality does not scan inside archives.
This also can't be enabled (at least not on version 12.1).

Sources:
Symantec Connect - Check for threats inside compressed files option in auto-protect
Symantec Connect - Auto-protect not catching malware, manual scan does
Symantec Connect - autoprotect do not scan files in archives

DefWatch Quick Scan

The scan that runs after the definition files have been updated. Can be disabled.

Source: Symantec KB - Disabling the Quick Scan that runs after virus definitions update in Symantec AntiVirus 10.0 and Symantec Client Security 3.0

SRTSP64.SYS high CPU usage

A system with SEP is fully utilizing one CPU core with the System process.

Closer examination with Process Explorer reveals that the CPU time is spent on SRTSP64.SYS.

This is a known issue with SEP 12.1 RU1 - 12.1 RU4 MP1b.

Workaround: Disable “Rescan cache when new definitions load” at the Auto Protect File Cache settings in SEP.

Source: Symantec Connect - srtsp64.sys cpu usage high