After installing the Microsoft Windows Security Updates released on January 3rd, 2018, the Symantec Endpoint Protection 12.1.x client service (ccSvcHst.exe) may terminate unexpectedly. Users will see that the SEP icon is no longer present in the Windows Notification Area.
The Symantec Endpoint Protection service terminated unexpectedly. It has done this 12 time(s). "Faulting application name: ccSvcHst.exe, version: 18.104.22.168, time stamp: 0x573cfe4d Faulting module name: SfMan.plg, version: 12.1.7004.6500, time stamp: 0x576a271f Exception code: 0xc0000005 Fault offset: 0x0001158e Faulting process id: 0x9ac Faulting application start time: 0x01d385af1ae1fcc9 Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\ccSvcHst.exe Faulting module path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\SfMan.plg Report Id: 5980c2e9-f1a2-11e7-80d0-0050568a53e3 Faulting package full name: Faulting package-relative application ID:"
On 1/3/2018, Microsoft released an out-of-band security update for Windows. After applying the update, users may experience this issue. While this problem is not directly related to the ERASER engine update released by Symantec on 1/4/2018 (version 117.3.0), currently Windows Update will hide the update unless the ERASER update is present on the system.
This issue affects Endpoint Protection 12.1 RU6 MP5 and earlier clients. Prior to application of the January 3rd, 2018 Windows Security Updates, Symantec recommends that clients be updated to 12.1 RU6 MP6 or later, which is unaffected by the issue described in this document.
After upgrading to 12.1 RU6 MP6 or later, if the Symantec Endpoint Protection (SEP) system tray icon reports there are multiple problems, refer to TECH248552 for a solution.