Processes and services used by Endpoint Protection 14


Article ID: 170706


Updated On:


Endpoint Protection


You want to know which processes and services are used by Symantec Endpoint Protection (SEP) 14.



This table lists the services used by SEP.

  Service Name Executable Description
SEP Symantec Endpoint Protection sms.dll Provides malware and threat protection for Symantec Endpoint Protection
Symantec Network Access Control snac64.exe Checks that the computer complies with the defined security policy and communicates with the Symantec Enforcers to allow your computer to access the corporate network.
SEPM Symantec Embedded Database dbsrv16.exe Embedded database used by Symantec Endpoint Protection Manager
Symantec Endpoint Protection Launcher SemLaunchSvc.exe Launch service which can invoke special processes for Symantec Endpoint Protection Manager.
Symantec Endpoint Protection Manager SemSvc.exe Application server which communicates with Symantec Endpoint Protection Manager, Symantec Protection clients, and a database.
Symantec Endpoint Protection Manager API Service SemSvc.exe Application server provides web services.
Symantec Endpoint Protection Manager Webserver httpd.exe Web server which communicates with Symantec Endpoint Protection Manager, Symantec Endpoint Protection clients, and a database.
Symantec MSS DB Connector prunsrv.exe This service allows a MSS Collector to remotely access DB services. This is service is only installed when the Synapse Log Collector for SEPM Embedded DB is installed for ATP. The log collector enables ATP to collect incident logs from a Symantec Endpoint Protection Manager database.
SEPM 14.1 Symantec Endpoint Protection Bridge Service prunsrv.exe Bridge service.
Symantec Endpoint Protection Bridge Uploader Service BridgeUploaderSrv.exe Data uploader service.


This table lists the processes used by SEP.

Executable Description
ClientRemote.exe Remote install SEP client
SemSvc.exe Tomcat service
SemLaunchSvc.exe Runs under Local System account. SEPM uses this service component to run services that requires elevated privilege
sesmcontinst.exe Utility used for importing .VDB/.JDB files (VirusDefs) into SEPM. Also used to cleanup AV and IPS temporary content files during uninstallation.
LuCatalog.exe Utility to register/unregister SEPM's with LiveUpdate. Update/sync LU Inventory
LUALL.exe Download contents from liveupdate servers. If proxy used and need authentication, component SysUtil.exe will be launched to start LUALL.exe.
LuCallbackProxy.exe Part of Live Update. The Call Back Proxy Module monitors how many updates are required to be downloaded, and schedules downloads to be performed at various times through various mirror sites to increase download efficiency.
LuComServer_3_3.exe LiveUpdate Core Engine
httpd.exe Apache process
dbisqlc.exe Embedded DB process
dbsrv16.exe Embedded DB process
semapisrv.exe Tomcat instance service running for REST web-services.
snac64.exe Symantec Network Access Control executable. Checks that the computer complies with the defined security policy and communicates with the Symantec Enforcers to allow your computer to access the corporate network .
AutoExcl.exe Helps to configure exclusion list on the SEP Client.
DoScan.exe Responsible for scanning.
nlnhook.exe hook lotus notes
SavUI.exe Responsible for UI related to Scan dialog
SepLiveUpdate.exe Live Update 
Smc.exe Communication with the SEPM
SmcGui.exe Controls the SEP system tray icon and its functions
SymCorpUI.exe Controls user interface of SEP
symerr.exe Error reporting component
ccSvcHst.exe This is Symantec Service Framework. For e.g SepMasterService service run using the framework provided by ccSvcHst
DevViewer.exe It helps you find hardware device ID's for device blocking in Symantec Endpoint Protection (SEP).
DWHWizrd.exe Mainly used when a new set of definitions comes in. It is also used to re-scan files in quarantine when new virus definitions are updated and installed.
RtvStart.exe  Application to restart RTVScan service
roru.exe The installer in Symantec Endpoint Protection 12.1 uses the Replace On Reboot Uninstaller (RORU), whereby an older version of SEP will not actually be removed and replaced by the newer version until after a reboot. 
WSCSAvNotifier Used to update AntiVirus status to Windows Security Center.