Endpoint Protection


Attack: structured exception handler overwrite .. (And other error )

  • 1.  Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 15, 2019 01:24 PM

    After stopping some useless Windows services and blocking an IP address in the Symantec firewall policies, some Symantec clients crash and others work perfectly.

    ERROR MESSAGE: Attack: structured exception handler overwrite detect, symantec endpoint protection will end the application c:\Program files (x86)\symantec\symantec endpoint protection \14.2.1031.0100.105\bin\ccSvcHst.exe

    And other error messages ...

    PLEASE HELP ME TO KNOW IF THE PROBLEM IS A BUG, A WINDOWS UPDATE ... OR MY MODIFICATIONS



  • 2.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 15, 2019 01:39 PM

    Likely known issue and being investigated by SYMC. See here:

    https://www.symantec.com/connect/forums/attack-structured-exception-handler-overwrite-detected-when-running-office-365-and-outlook

    https://www.symantec.com/connect/forums/anyone-having-any-issues-virus-defs-11419-rev21



  • 3.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 15, 2019 04:16 PM

    Just got off the phone with support.  As a temporary workaround they had me modify the Memory Exploit Mitigation policy and set the entry for ccSvcHst.exe to Log Only.



  • 4.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 16, 2019 04:53 AM

    Thanks to all who are following this thread.  Run LiveUpdate to obtain the latest IPS definitions in order to resolve this issue.  (IPS Signatures 201901150.64 and above.)



  • 5.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 16, 2019 06:44 AM

    I can't update automatically because the Symantec services are stopped ... and I have a lot of remote clients.


  • 6.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 16, 2019 10:46 AM

    I have the same problem today.

    structured exception handler overwrite detect, symantec endpoint protection will end the application c:\Program files (x86)\symantec\symantec endpoint protection \14.2.1031.0100.105\bin\ccSvcHst.exe



  • 7.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 16, 2019 11:28 AM

    Hi Olek,

    Can you let me know exactly what IPS definitions you have in place?  Are they the very latest?



  • 8.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 16, 2019 12:05 PM

    No, I installed the latest update and it is good. I thought Russia attacked my firewall.



  • 9.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 16, 2019 12:30 PM

    What is the best way to tell what version of IPS definitions are installed?  I have done the LiveUpdates this morning on a couple of PCs that had the issue.  Then a little while later we got the same message again.  I rebooted the PC after getting the alert again and haven't had it since.  So should one reboot their PC after running the LiveUpdate?



  • 10.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 16, 2019 03:00 PM

    The solution I used is a script in Active Directory to launch the SEP client at start-up and let it be updated ... if you do not start it at start-up, the SEP service will stop and the SEP client will crash!



  • 11.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 18, 2019 11:09 AM

    Do you have any information about when a fix might be coming?



  • 12.  RE: Attack: structured exception handler overwrite .. (And other error )

    Posted Jan 21, 2019 03:16 AM

    The issue should be resolved with present definitions (20190115.64 or later) and, if the problem is still seen, reboot the computers.  If the issue can be reproduced after applying those definitions and rebooting, please get in touch with Tech Support and provide them with a procdump of ccsvchst.exe.