Symantec Endpoint Protection client shows high CPU usage immediately after virus definition updates.

Article:TECH170756  |  Created: 2011-09-29  |  Updated: 2011-10-17  |  Article URL http://www.symantec.com/docs/TECH170756
Article Type
Technical Solution


Environment

Issue



Immediately after downloading and applying definitions, either from the Symantec Endpoint Protection Manager (SEPM) or through LiveUpdate, the CPU usage of the Symantec Endpoint Protection (SEP) 12.1 client becomes very high for ten to fifteen minutes. ccSvcHst.exe is reported as being the process responsible for the high CPU usage.


Environment



Observed on Windows XP SP3 using the SEP 12.1 RTM build on systems with MS KB 2616676 also installed.


Cause



This problem appears to be caused by a memory leak issue that occurs with MS KB 2616676 installed. This may result in unexpected behavior from ccScvHst.exe.


Solution



It has been reported to Symantec that applying Microsoft Hotfix KB 959658 to impacted systems resolves this issue. This hotfix is designed to address issues caused by MS KB 26166763.

For information on obtaining and installing this Hotfix, please visit the following link: http://support.microsoft.com/kb/959658




Article URL http://www.symantec.com/docs/TECH170756


Terms of use for this information are found in Legal Notices