I contacted support and got the following response:
The defect linked on this knowledge article is still being looked into. It hasn’t stemmed from any validated security concerns at this time. It is known by our developers and Microsoft.
I will continue to research this when my engineering contacts are back in tomorrow, however here is some more information for you.
The image name for the service SepMasterService is now ccSvcHst.exe. Realtime Scan functionality is now provided by the service. Note that there are multiple ccSvcHst.exe instances running on your computer. The SepMasterService service requires one instance (System) , and an additional instance is required for each user session (username).
Event ID 4673 is called “Sensitive Privilege Use” and is tracked by the policy “Audit Privilege Use” which you must have enabled in your environment.
“SeTcbPrivilege” means “To Act as Part of the Operating System”
It is likely happening every time the service is called and is operating as designed as far as SEP is concerned. This will likely be a Microsoft fix. Our developers are working with them on this issue.