ccSvcHst.exe crashes approximately every 30 seconds after updating Proactive Threat Protection content on January 19, 2015 content
Last Updated February 09, 2015
Symantec Endpoint Protection (SEP) 12.1 Release Update 5 (RU5) and older clients begin to experience ccSvcHst.exe crashes after updating to the January 6, 2015 r11 Proactive Threat Protection content released on January 19, 2015.
An error message similar to the following is logged in the Windows Application event log:
This crash is caused by changes to the technology used by the SEP client to submit files to Symantec Security Response included in the SONAR update released on January 19, 2015. These changes were incompatible with the affected versions of the SEP client.
On Monday, February 9, 2015, Symantec released SONAR Heuristics Engine content revision 02/03/2015 r13. The update contains the 22.214.171.124 version of the SONAR engine which will prevent the crash attributed to the previous engine update released January 19, 2015 and dated January 6, 2015.
To resolve the crash, ensure your clients are running the latest SONAR Heuristics Engine content. If your computers still experience the crash after updating to the latest SONAR engine content, disable client submissions to Symantec Security Response for 14 days to allow the queued submissions to clear.
If you are still experiencing this problem after migrating to a SONAR engine revision of 02/03/2015 r13 or higher, create a support case and provide the following information:
A SymHelp report with Windows Preprocessor (WPP) gathered while the problem happens.
An application dump from the ccSvcHst.exe crash.
Note: If you previously disabled submissions to Security response to work around this problem, submissions can be re-enabled after SONAR updating SONAR definitions as long as it has been more than 14 days since they were first disabled.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe