High CPU utilization by ccsvchst.exe after updating antivirus definitions to 7/5/2017 rev 8 or later.

book

Article ID: 170010

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After updating antivirus definitions to July 5th, 2017 revision 8 or later, CPU utilization by ccsvchst.exe increases considerably on clients running Symantec Endpoint Protection (SEP) 14.0. Specifically, the following conditions may be experienced:

  1. A momentary increase in CPU usage by ccsvchst.exe while accessing PDFs, Office files, or other non-executable files. This can include accesses during backing up these file types.
  2. An overall increase in CPU usage over time by ccsvchst.exe on busy file or application servers.  This CPU usage can occur any time, and does not coincide with active/scheduled scans.

 

 

Cause

On July 5th, a new SDS engine update was released that includes changes to Auto-Protect. This allows for additional scanning of non-executable file types. This includes reputation lookups on files types such as PDF, and Microsoft Office files. On systems with a large amount of files or where such files are accessed frequently, higher CPU usage can be experienced.

Resolution

This issue has been fixed in SEP 14.0.1.