It is correct that CCSvcHst.exe replaced RTVScan as the 'workhorse' application for 12.1.
My first thought is the scanning of compressed files. When they are scanned they are unpacked to X number of levels (3 is the default, I think) by the decomposer engine, which will take some processing power, as you might imagine. If you recently created a lot of archive files and they are in a directory that is being scanned--or a lot archive files are being copied to the computer and being scanned by Auto-Protect--then this could explain what's happening.
You're also using an older build. SEP 12.1 RU2, for example, has the following fix:
High CPU usage of ccSvcHst.exe process
Fix ID: 2707848
Symptom: The Symantec Endpoint Protection service (ccSvcHst.exe) consumes 100% of one CPU during a scan.
Solution: Modified the Decomposer component to prevent a condition where the scanner could become stuck on a malformed archive file.
Most current release is 12.1 RU3 (12.1.3). You can check the fix notes for that release and for 12.1 RU2 MP1 (12.1.2.1) here.
Edit to add:
I have read like this below regarding ccsvchst.exe*32 file, but we are not using the norton software suite.. we are uisng only Symantec Endpoint Protection Manager.
(Bolding mine.) If you don't have the SEP client installed, that machine is not protected against threats. Or is this a mistype?
sandra