CCSVCHST.exe of the Symantec Endpoint Protection client shows very high CPU utilization and takes a long time to start the service
This is observed when SEPM is added to an SEDR 4.5 or later appliance that is configured with a large number of SHA256 values in the ALLOW/DENY list.
The issue is observed whenever the ALLOW/DENY list in SEDR is updated or the SEP service is restarted.
The CPU utilization settles down after some time, depending on system resources. This time may vary from 30 minutes to more than an hour.
Release: EDR 4.5+, SEPM 14.x
Component: Symantec Service framework in SEP
SEDR 4.5 and later introduced a new feature that sends the SHA256 hash values of the ALLOW/DENY list to the SEPM exceptions policy.
It affects SEP 14.3 RU1 or later.
The SEPM Exception policy XML cannot handle more than the recommended 500 to 600 values, so it takes longer to process the list.
Both products are working as designed.
This article can be useful in case of a high CPU issue:
https://knowledge.broadcom.com/external/article/224815/high-cpu-on-all-enrolled-sep-clients-wit.html