ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

ccSvcHst.exe causes high CPU on Endpoint Protection managed clients in version 14.0 - 14.2

book

Article ID: 172665

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

In a mixed managed and unmanaged Symantec Endpoint Protection (SEP) environment, ccSvcHst.exe causes excessive CPU use only on clients that are managed. A large serdef.dat file is found on the clients.

Cause

This issue occurs from SEP Manager upgrades to environments using replication. Each upgrade has the potential to add new entries into the LiveUpdate Content policy resulting in duplicates. With each upgrade the number of duplicates increases, thus resulting in a larger policy file.

As a result, the SEP client gets caught in an endless loop trying to process the policy file.

The typical serdef.dat and server.dat files are kilobytes (KB) in size. When this issue is present, these files are typically over megabytes (MB) in size.

Resolution

This issue is fixed in Symantec Endpoint Protection 14.2.0.1 (14.2 MP1)  For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.

As a work around, you can create a new LiveUpdate Content policy and assign it to the affected client groups.