We have a number of Windows test machines that are used as clients to servers running the runtime variant of a product. Since upgrading to SEP12 we have noticed a major throughput impact i.e.
For testing we run a simple Java-based application (Perfharness). This reads in a single config file and then will do all its work over HTTP. Without SEP enabled on a given machine we can get around 19,000 messages/second, but as soon as we turn on SEP (more specifically the file system auto-protect) the rates will drop to ~8,000. (On a machine where we have Windows Client & Server the impact is 37,000 -> 14,000!).
Looking at the stack of the Java process, we can see that SEP is a major CPU factor. With SEP enabled:
PID 58803 10.45 java.exe_12d8
MOD 21971 3.90 C:\ProgramData\Symantec\Symantec-Endpoint-Protection\12.1.4100.4126.105\Data\Definitions\IPSDefs\20141125.011\IDSvia64.sys
MOD 17657 3.14 C:\Windows\system32\ntoskrnl.exe
MOD 3979 0.71 JITCODE
MOD 3409 0.61 c:\progra~1\ibm\java70\jre\bin\compressedrefs\J9THR26.dll
MOD 2780 0.49 C:\Windows\system32\DRIVERS\NETIO.SYS
MOD 2720 0.48 C:\Windows\System32\drivers\tcpip.sys
Without SEP:
PID 84225 11.42 java.exe_0df0
MOD 17241 2.34 NoModule
MOD 16997 2.30 c:\progra~1\ibm\java70\jre\bin\compressedrefs\J9THR26.dll
MOD 16528 2.24 C:\Windows\system32\ntoskrnl.exe
MOD 7569 1.03 C:\Windows\system32\DRIVERS\NETIO.SYS
Does anyone know what's causing this? We see much higher kernel CPU time when SEP is enabled. We have been told we are not doing the network intrusion, so we don't understand why it's causing such an impact.
(This is a managed client - Version 12.1.4100.4126)