After updating Symantec Endpoint Protection 12.1 (SEP) clients to revision 150616011 (June 16, 2015 rev 11) of Proactive Threat Protection (PTP) definitions, the SEP process ccSvcHst.exe uses a significant amount of CPU resources. This may cause the computer to become less responsive. The Symantec Endpoint Protection client's system log may contain client submission failure events. To view the log, follow these steps:
Signatures were added to the 150616011 (June 16, 2015 rev 11) PTP definitions that triggered an unexpected number of submissions from some Symantec Endpoint Protection clients. If clients are configured to submit submission data, but are unable to do so (e.g. no Internet connectivity), the submissions will queue repeatedly but are unable to be sent. This can cause high CPU usage on some clients.
The problematic signatures that were added to the PTP definitions have been removed. Content with revision June 16, 2015 rev. 12 or higher is no longer affected by this issue.
The PTP content with the fix may be downloaded from Symantec LiveUpdate. See article HOWTO111581 for steps to run LiveUpdate.
If the new definitions cannot be downloaded or applied on affected client computers, the issue may be worked around by disabling SEP client submissions. SEP client submissions should be enabled again after they have downloaded the content with the fix.
On the SEP client, perform the following steps: