After upgrading endpoints to SEP 14.2, you notice several new services running on your client computers.  

Symantec Endpoint Protection Hardening CAF Service
Symantec Endpoint Protection Hardening Detection
Symantec Endpoint Protection Hardening Prevention
Symantec Endpoint Protection Hardening Utility

These services relate to the new Application Hardening feature available with a cloud-enrolled SEPM.  They are installed by default in all cases unless explicitly removed from the Client Install Feature Set.  If you do not have the Application Hardening feature enabled in your environment, these services will be functionally inert.

These services can be removed by replacing the Client Install Feature Set with one that does not include the "Application Hardening" feature.  This will require a reboot to completely uninstall the services.