Until recently I had not had a reason to work with Content Filters in Symantec Mail Security. My first experience was somewhat less than ideal. The reason for this is that the new content filters are enabled by default. I had intended to use the content filter with a manual scan to test the functionality on our system. A combination of a configuration mistake on my part (the filter was set to apply to the message store) combined with the filter being enabled by default resulted in a massive flood of RPC requests to the information store on the affected mailbox server, which resulted in sever performance degradation.
My recommendation to Symantec would be that future releases of SMSMSE set new content filters to DISABLED by default. This would at least allow administrators to double check their configuration before the filter becomes active. Also, the content filter edit window should pop up a warning to the effect that applying a content filter to the information store can result in performance degradation.