After setting an Endpoint Detection and Response (EDR) server to accommodate Insight lookups, the Symantec Endpoint Protection (SEP) client begins exhibiting high CPU utilization.  Also, the ccSubSDK (\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\CmnClnt\ccSubSDK) folder is filling up with thousands of files.

The following repetitive errors can be seen in the SEP System log:

Cannot assign a client authentication token. This client is not scheduled to obtain a client authentication token.

The client will attempt to retrieve an authentication token even if submissions are disabled when connected to EDR.

Release :SEP 14.3

A fix was provided in SEP 14.3 RU4.  To resolve the issue, upgrade the client to that version or later. 

Workarounds:

• If upgrading in not an immediate option, consider either disabling Insight lookups or direct lookups to the public Insight servers instead of EDR. 
• Restarting the smc service (smc -stop, smc -start) will offer a temporary reprieve, but the issue will recur. 
• Enabling SEP clients to access the CAT URL: https://tus1gwynwapex01.symantec.com

ESCRT-7730