After updating antivirus definitions to July 5th, 2017 revision 8 or later, CPU utilization by ccsvchst.exe increases considerably on clients running Symantec Endpoint Protection (SEP) 14.0. Specifically, the following conditions may be experienced:
On July 5th, a new SDS engine update was released that includes changes to Auto-Protect. This allows for additional scanning of non-executable file types. This includes reputation lookups on files types such as PDF, and Microsoft Office files. On systems with a large amount of files or where such files are accessed frequently, higher CPU usage can be experienced.
This issue has been fixed in SEP 14.0.1.