It would likely take months to unravel all of this in a corporate environment. A few key points to focus on...
- SSD will help solve the slowness caused by drive encryption and high I/O absolutely
- A/V on the desktop shouldn't be that intrusive however. Your security dept is likely playing a CYA game instead of addressing the actual needs. Press for more protection before the desktop limiting desktop scans to weekly. Real time protection on the desktop is necessary and must be factored in when sizing a desktop platform.
- Updates are a necessity and must be taken into account when selecting a desktop platform. i3 procs have no place in corporate environments, i5 procs only belong on the lowest demand desktop
- Ensuring drives are not allowed to get "too full" is important to performance
- Adequate memory is necessary to reduce disk swapping which be an be a heavy I/O load