From client side,it seems that it is online. But on the Symantec Endpoint Protection Manager console,the clients show offline status.Check the sylink log, it seems that SMC throw Internet Exception:Error Code=122;AH: failed to open request.
In the Sylink Monitor log:
Throw Internet Exception, Error Code=122;AH: failed to open request.
11/01 14:56:20.896  http://<SEPM's IP Address:Port Number>
11/01 14:56:20.896  Throw Internet Exception, Error Code=122;AH: failed to open request.
11/01 14:56:20.896  CInternetException: : �ǻ���t�ΩI�s����ưϤӤp�C
11/01 14:56:19.771  COMPLETED, returned 7
2013/11/20 15:18:57.675 [3876:4580] <CheckUserInformation>: Failed to open ccSettings key UserInformation. (Probably because it doesn't exist) Error: 2147483904
2013/11/20 15:18:57.878 [3876:2364] <SyLink>[MakeRegisterData] registration Hardware Key=051D619910F07E1A0120000D8CA02C8B
2013/11/20 15:18:57.878 [3876:2364] Sylink:(EXCEPTION, err=122) AH: failed to open request.
2013/11/20 15:18:57.878 [3876:2364] <SyLink>[SendRegsitrationRequest] Request Result= 7
2013/11/20 15:18:57.893 [3876:2364] ###### Set ACSConnec offline
From the sceenshot, It seems that SMC.exe and CCsvchst.exe call the dynamic library(.dll) of the three party software. Or it could be understood that the third party software injects their dynamic library into the system, so SEP client loads them.
It is not virus and some softwares like Font translate software have such behaviour.
Please remove the 3rd Party Application :
Product Name: 字霸中文 自動造字系統Client（V8.5）
Publisher: Astar Printerlink Co., Ltd.
PATH=> C:\Program Files\AstarSoftlink\AsEudcClient\
Symantec Endpoint Protection 12.1.3 - RU3