Symantec Endpoint Protection client shows high CPU usage immediately after virus definition updates.

Article:TECH170756  |  Created: 2011-09-29  |  Updated: 2014-12-08  |  Article URL
Article Type
Technical Solution



Immediately after downloading and applying definitions, either from the Symantec Endpoint Protection Manager (SEPM) or through LiveUpdate, the CPU usage of the Symantec Endpoint Protection (SEP) 12.1 client becomes very high for ten to fifteen minutes. ccSvcHst.exe is reported as being the process responsible for the high CPU usage.


Observed on Windows XP SP3 using the SEP 12.1 RTM build on systems with MS KB 2616676 also installed.


This problem appears to be caused by a memory leak issue that occurs with MS KB 2616676 installed. This may result in unexpected behavior from ccScvHst.exe.


It has been reported to Symantec that applying Microsoft Hotfix KB 959658 to impacted systems resolves this issue. This hotfix is designed to address issues caused by MS KB 2616676.

For information on obtaining and installing this Hotfix, please visit the following link:

Article URL

Terms of use for this information are found in Legal Notices