search cancel

ccSvcHst.exe crashes and stops Endpoint Protection 14

book

Article ID: 175075

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After an upgrade or install of Symantec Endpoint Protection (SEP) client version 14.2 RU1 on a FIPS compliant endpoint, the SEP master service (ccSvcHst.exe) eventually crashes.

Event log shows as :

Application    Error    Application Error            1000    "Faulting application name: ccSvcHst.exe, version: 13.4.0.26, time stamp: 0x5bd740a5
Faulting module name: libcurl-wintls.dll, version: 7.64.0.0, time stamp: 0x5c9860bc
Exception code: 0xc0000005
Fault offset: 0x0000b3ac
Faulting process ID: 0x3a70
Faulting application start time: 0x01d5136913d91e78
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\ccSvcHst.exe
Faulting module path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.3332.1000.105\Bin\libcurl-wintls.dll
Report ID: a5e95806-c27c-400a-b05b-62f971628270
Faulting package full name: 
Faulting package-relative application ID:"    

Environment

  • SEP client version 14.2.3335.1000
  • Windows OS configured for FIPS mode:
    • HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
      HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy

 

Cause

  • The client or server machine is configured for FIPS compliance
  • libcurl-wintls.dll library encounters a NULL data pointer that results in the crash
  • Upgrade or install of client version 14.2 RU1 on a FIPS compliant endpoint

Resolution

This issue has been resolved in SEP 14.2 RU1 MP1. Please see this ariticle on how to Download the latest version of Symantec software.