ccSvcHst.exe crashes after applying Windows security updates from 1/3/2018 on computer running SEP 12.1.x


Article ID: 170737


Updated On:


Endpoint Protection


After installing the Microsoft Windows Security Updates released on January 3rd, 2018, the Symantec Endpoint Protection 12.1.x client service (ccSvcHst.exe) may terminate unexpectedly. Users will see that the SEP icon is no longer present in the Windows Notification Area.


The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 12 time(s).
"Faulting application name: ccSvcHst.exe, version:, time stamp:
Faulting module name: SfMan.plg, version: 12.1.7004.6500, time stamp: 
Exception code: 0xc0000005
Fault offset: 0x0001158e
Faulting process id: 0x9ac
Faulting application start time: 0x01d385af1ae1fcc9
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint
Faulting module path: C:\Program Files (x86)\Symantec\Symantec Endpoint
Report Id: 5980c2e9-f1a2-11e7-80d0-0050568a53e3
Faulting package full name: 
Faulting package-relative application ID:"


On 1/3/2018, Microsoft released an out-of-band security update for Windows. After applying the update, users may experience this issue. While this problem is not directly related to the ERASER engine update released by Symantec on 1/4/2018 (version 117.3.0), currently Windows Update will hide the update unless the ERASER update is present on the system.


Applies to Windows Operating Systems that received the January 3rd, 2018 Windows Security Updates.

Applies to SEP 12.1 clients versions 12.1 RU6 MP5 and earlier.


This issue affects Endpoint Protection 12.1 RU6 MP5 and earlier clients.  Prior to application of the January 3rd, 2018 Windows Security Updates, Symantec recommends that clients be updated to 12.1 RU6 MP6 or later, which is unaffected by the issue described in this document. 

After upgrading to 12.1 RU6 MP6 or later, if the Symantec Endpoint Protection (SEP) system tray icon reports there are multiple problems, refer to TECH248552 for a solution.