Procmon reveals that the Symantec Endpoint Protection (SEP) service, ccSvcHst.exe, is querying files on network drives or shares every 10 or 30 minutes.
The Symantec IRON driver is reaching out to these files to gather information such as SHA256. If the driver is unable to retrieve the required information, it will retry every 10 minutes if the computer or user is idle, or every 30 minutes if the computer or user is busy. In some cases this behavior may lead to problems on your network.
This issue was fixed in SEP 12.1 RU2.
You can remove the ATPI.DB file to stop SEP from reaching out to these files: