A system with Symantec Endpoint Protection (SEP) is experiencing high CPU usage. You determine the issue is caused by ccSvcHst.exe.
The system is business-critical and restarting it is undesirable.
You can also gather a Process Monitor trace or process dump of ccsvchst. These are not preferred, but can be useful in certain situations.
cmd.exe
.procdump –ma -c <CPU usage percentage that will trigger a dump> <Process ID of high CPU ccsvchst.exe process> ccsvchst.dmp
procdump -ma -c 50 2300 ccsvchst.dmp
The process ID of the offending ccSvcHst.exe process can be determined as follows:
- Right-click the Windows task bar and select Start Task Manager.
- Navigate to the Processes tab, and click the CPU column header to sort the processes by CPU usage.
- Make note of the offending ccSvcHst.exe process' CPU usage.
Note: If the PID column is not visible, click View > Select Columns, check PID (Process Identifier), and then click OK.