You want to know which processes and services are used by Symantec Endpoint Protection (SEP) 14.
This table lists the services used by SEP.
Product | Service Name | Executable | Description
---|---|---|---
SEP | Symantec Endpoint Protection | sms.dll | Provides malware and threat protection for Symantec Endpoint Protection.
SEP | Symantec Network Access Control | snac64.exe | Checks that the computer complies with the defined security policy and communicates with the Symantec Enforcers to allow your computer to access the corporate network.
SEP | Symantec Migration Service (SEPMasterServiceMig) | | "It's a service used during upgrade with reboot. After new SEP is installed side by side with the old one and until you reboot, new partially installed SEP is hosted in SepMasterServiceMig, while the old one runs in SepMasterService. During reboot the old one is deleted and SepMasterServiceMig is renamed to SepMasterService."
SEPM | Symantec Embedded Database | dbsrv16.exe | Embedded database used by Symantec Endpoint Protection Manager.
SEPM | Symantec Endpoint Protection Launcher | SemLaunchSvc.exe | Launch service which can invoke special processes for Symantec Endpoint Protection Manager.
SEPM | Symantec Endpoint Protection Manager | SemSvc.exe | Application server which communicates with Symantec Endpoint Protection Manager, Symantec Protection clients, and a database.
SEPM | Symantec Endpoint Protection Manager API Service | SemSvc.exe | Application server that provides web services.
SEPM | Symantec Endpoint Protection Manager Webserver | httpd.exe | Web server which communicates with Symantec Endpoint Protection Manager, Symantec Endpoint Protection clients, and a database.
SEPM | Symantec MSS DB Connector | prunsrv.exe | This service allows an MSS Collector to remotely access DB services. This service is only installed when the Synapse Log Collector for SEPM Embedded DB is installed for ATP. The log collector enables ATP to collect incident logs from a Symantec Endpoint Protection Manager database.
SEPM 14.1 | Symantec Endpoint Protection Bridge Service | prunsrv.exe | Bridge service.
SEPM 14.1 | Symantec Endpoint Protection Bridge Uploader Service | BridgeUploaderSrv.exe | Data uploader service.
This table lists the processes used by SEP.
Executable | Description
---|---
SEPM |
ClientRemote.exe | Remotely installs the SEP client.
SemSvc.exe | Tomcat service.
SemLaunchSvc.exe | Runs under the Local System account. SEPM uses this service component to run services that require elevated privileges.
sesmcontinst.exe | Downloads SEPM updates from LiveUpdate servers. Also used for importing .VDB/.JDB files (VirusDefs) into SEPM, and to clean up AV and IPS temporary content files during uninstallation.
LuCatalog.exe | Utility to register/unregister SEPMs with LiveUpdate. Updates/syncs the LU inventory.
LuCallbackProxy.exe | Part of LiveUpdate. The Call Back Proxy Module monitors how many updates are required to be downloaded, and schedules downloads to be performed at various times through various mirror sites to increase download efficiency.
LuComServer_3_3.exe | LiveUpdate Core Engine.
httpd.exe | Apache process.
dbisqlc.exe | Embedded DB process.
dbsrv16.exe | Embedded DB process.
semapisrv.exe | Tomcat instance service running for REST web services.
SEP |
snac64.exe | Symantec Network Access Control executable. Checks that the computer complies with the defined security policy and communicates with the Symantec Enforcers to allow your computer to access the corporate network.
AutoExcl.exe | Helps to configure the exclusion list on the SEP client.
DoScan.exe | Responsible for scanning.
nlnhook.exe | Hooks Lotus Notes.
SavUI.exe | Responsible for the UI related to the Scan dialog.
SepLiveUpdate.exe | Runs LiveUpdate on clients; ccSvcHst is the process that actually connects to the LiveUpdate server.
Smc.exe | Communication with the SEPM.
SmcGui.exe | Controls the SEP system tray icon and its functions.
SymCorpUI.exe | Controls the user interface of SEP.
symerr.exe | Error reporting component.
ccSvcHst.exe | This is the Symantec Service Framework. The SepMasterService service runs using the framework provided by ccSvcHst. Among other functions:
DevViewer.exe | Helps you find hardware device IDs for device blocking in Symantec Endpoint Protection (SEP).
DWHWizrd.exe | Mainly used when a new set of definitions comes in. It is also used to re-scan files in quarantine when new virus definitions are updated and installed.
RtvStart.exe | Application to restart the RTVScan service.
roru.exe | The installer in Symantec Endpoint Protection 12.1 uses the Replace On Reboot Uninstaller (RORU), whereby an older version of SEP will not actually be removed and replaced by the newer version until after a reboot.
WSCSAvNotifier | Used to update AntiVirus status to Windows Security Center.
SymCloseUI | Used in install scenarios such as uninstall, or add/remove feature, to ensure the SEP UI is closed during the install operation. An open UI blocks SEP services from stopping, causing install failures. In order to effectively close UI in all user sessions it installs temporary
MigrateUserScans.exe | Responsible for migrating user scans from SAV and SEP11. (This EXE has been removed from SEP version 14.3 RU5 and later.)
Exclusions for Symantec Endpoint Protection (SEP) when the agent conflicts with installed third-party security protection software.
Resolution: Configure the third-party security protection software to exclude the SEP folders and processes, which prevents it from monitoring data that is written to or read from those folders.
It is recommended to whitelist all of the processes and folders that are listed below:
Item | Value
---|---
Endpoint Agent Installation Location * {SEP 14.0 to 14.3 RU4} | C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\
Endpoint Agent Installation Location * {SEP 14.3 RU5 and above} | C:\Program Files\Symantec\Symantec Endpoint Protection\
Endpoint Agent Data Folder Location * | C:\ProgramData\Symantec\Symantec Endpoint Protection\
Endpoint Service name (SepMasterService) | Sms.dll
Processes | AutoExcl.exe
* All subfolders need to be excluded.
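
A check to run before relying on the exclusions above, given as an added example (not Symantec's own tooling): it reports the state of SepMasterService and lists running processes that carry an SEP client executable name from this page, noting whether each image path falls under the listed folders. It assumes PowerShell 3.0 or later with `Get-CimInstance` available; the function name `Get-SepPathStatus` and the status strings are hypothetical. A process with an SEP name running outside those folders is not covered by a folder-based exclusion and deserves a closer look.

```powershell
# Added example, not Symantec code. Folder paths, the service name and the
# executable names come from this page; the reporting logic is an assumption.
$sepRoots = @(
    'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\',  # SEP 14.0 to 14.3 RU4
    'C:\Program Files\Symantec\Symantec Endpoint Protection\',        # SEP 14.3 RU5 and above
    'C:\ProgramData\Symantec\Symantec Endpoint Protection\'           # data folder
)
$sepExes = @(
    'snac64.exe', 'AutoExcl.exe', 'DoScan.exe', 'nlnhook.exe', 'SavUI.exe',
    'SepLiveUpdate.exe', 'Smc.exe', 'SmcGui.exe', 'SymCorpUI.exe', 'symerr.exe',
    'ccSvcHst.exe', 'DevViewer.exe', 'DWHWizrd.exe', 'RtvStart.exe', 'roru.exe',
    'MigrateUserScans.exe'
)

function Get-SepPathStatus {
    param([string]$Path)
    # ExecutablePath is empty when the caller lacks rights to query the process.
    if ([string]::IsNullOrEmpty($Path)) { return 'path unavailable (run elevated)' }
    foreach ($root in $sepRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return 'under SEP folder'
        }
    }
    return 'OUTSIDE SEP folders'
}

# State of the client service named on the page.
$svc = Get-Service -Name 'SepMasterService' -ErrorAction SilentlyContinue
if ($svc) { "SepMasterService: $($svc.Status)" } else { 'SepMasterService: not found' }

# Running processes that carry an SEP client executable name
# (-contains compares case-insensitively).
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $sepExes -contains $_.Name } |
    ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            ProcessId = $_.ProcessId
            Path      = $_.ExecutablePath
            Status    = Get-SepPathStatus $_.ExecutablePath
        }
    } |
    Sort-Object Status, Name |
    Format-Table -AutoSize
```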