SEP 12.1.3 -- Extreme Read I/O-activity slows clients down

Sorry for double-posting this as a reply on a previous thread and as a new topic, but after a week of silence I'm hoping this might lead to a quicker resolution;

We seem to be experiencing a peculiar problem since SEP 12 (still going on with 12.1.3) that's been annoying our fellow admins and users (~3500) for awhile now...

 

The System-process accumulates a massive amount of read I/O (anywhere from 10-100GB in a workday), about 80 percent of people affected aren't bothered by or notice it but those that do have systems that are almost completely bogged down and unresponsive when the activity kicks in. The slowdown mostly happens a few minutes after login and somewhere later on in the day, most likely after getting the latest definitions. An "SMC -Stop" immediately resolves the issue.

We upgraded from 11.x to 12, after which we started noticing more and more performance complaints. We've already tried using CleanWipe to remove all traces of the upgraded client, and completely reïnstalling the latest package from scratch. Also newly deployed systems exhibit these symptoms. Our SEPM-server is also the latest version. We mostly use Windows 7 x64 SP1 as our baseline OS with the 64-bit client, but can't say for sure if 32-bit XP systems are also affected since we're in the process of migrating those to 7.
 

It 'feels' like a full scan is performed everytime defs are updated, except that besides a single full scan once a month, there are no configured scheduled scans. Also no status window appears after enabling it and people that are having this issue experience it every single day so that just can't be it. We've tried disabling file cache and rescanning the cache to no avail. There is no significant cpu-activity increase, but disk activity rises to 100% which is sustained until it drops off suddenly.  Maybe it's an interaction problem with a different process or service but again, disabling SEP resolves it immediately.

 

With sysinternals process explorer as well as performance logging we haven't been able to identify the cause. Any help or advice would be greatly appreciated. We hope there are admins out there who dealt with the same issue in their organization and happened to come across the solution.