You have a system with Symantec Endpoint Protection (SEP) that is experiencing high CPU usage. You determine the issue is caused by ccSvcHst.exe. It is possible to reboot the system (see the Related Articles section if that should not be the case).
SEP 12.1, 14 or higher
procdump –ma -c <CPU usage percentage that will trigger a dump> <Process ID of high CPU ccsvchst.exe process> ccsvchst.dmp(e.g. run the command
procdump -ma -c 50 2300 ccsvchst.dmpto generate a dump when the CPU usage for the ccSvcHst.exe with process ID 2300 is at least 50%).
a. Under Select additional profiles for performance recording, under Resource Analysis, select CPU Usage, Disk I/O Activity and File I/O Activity. Under Scenario Analysis, tick Minifilter I/O activity.
b. Performance scenario: General.
c. Detail level: Verbose.
d. Logging mode: File.
If the system is a virtualized one:
If the system is a physical one: