Aftering setting the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui to 0, as specified in Citrix and terminal server best practices for Endpoint Protection, to prevent multiple instances of ccSvcHst.exe, multiple per-user instances of ccSvcHst.exe are created when they should be terminated.

• Citrix XenApp
• Microsoft Remote Desktop Services (RDS) server
• Symantec Endpoint Protection (SEP) 14

LaunchSMCGui controls which plug-ins are loaded. When set to 1, both mandatory and optional plug-ins are loaded. When set to 0, only mandatory plug-ins are loaded. While the per-user ccSvcHst.exe process is always started, it will terminate unless one or more plug-ins are loaded.

In previous versions, all plug-ins were optional and setting LaunchSMCGui to 0 resulted in the expected behavior. In SEP 14, two components installers inadvertently set IronUser and ClientSDK as mandatory plug-ins, causing per-user ccSvcHst.exe processes not to terminate.

This issue has been fixed in SEP 14 MP2. The IronUser and ClientSDK components flags were changed to optional, and when configured with the registry key value LaunchSMCGui to 0, the existing per-user ccSvcHst.exe processes exit gracefully as expected. There is no workaround for this and requires the client to be upgraded.