Processes and services used by Endpoint Protection 14
Last Updated November 01, 2018
You want to know which processes and services are used by Symantec Endpoint Protection (SEP) 14.
This table lists the services used by SEP.
Symantec Endpoint Protection
Provides malware and threat protection for Symantec Endpoint Protection.
Symantec Network Access Control
Checks that the computer complies with the defined security policy and communicates with the Symantec Enforcers to allow your computer to access the corporate network.
Symantec Embedded Database
Embedded database used by Symantec Endpoint Protection Manager
Symantec Endpoint Protection Launcher
Launch service which can invoke special processes for Symantec Endpoint Protection Manager.
Symantec Endpoint Protection Manager
Application server which communicates with Symantec Endpoint Protection Manager, Symantec Protection clients, and a database.
Symantec Endpoint Protection Manager API Service
Application server that provides web services.
Symantec Endpoint Protection Manager Webserver
Web server which communicates with Symantec Endpoint Protection Manager, Symantec Endpoint Protection clients, and a database.
Symantec MSS DB Connector
This service allows an MSS Collector to remotely access DB services. This service is only installed when the Synapse Log Collector for SEPM Embedded DB is installed for ATP. The log collector enables ATP to collect incident logs from a Symantec Endpoint Protection Manager database.
Symantec Endpoint Protection Bridge Service
Symantec Endpoint Protection Bridge Uploader Service
Data uploader service.
This table lists the processes used by SEP.
Remote install SEP client
Runs under the Local System account. SEPM uses this service component to run services that require elevated privileges.
Utility used for importing .VDB/.JDB files (VirusDefs) into SEPM. Also used to clean up AV and IPS temporary content files during uninstallation.
Utility to register/unregister SEPMs with LiveUpdate. Updates/syncs the LU Inventory.
Downloads content from LiveUpdate servers. If a proxy is used and requires authentication, the component SysUtil.exe is launched to start LUALL.exe.
Part of LiveUpdate. The Call Back Proxy Module monitors how many updates are required to be downloaded, and schedules downloads to be performed at various times through various mirror sites to increase download efficiency.
LiveUpdate Core Engine
Embedded DB process
Embedded DB process
Tomcat instance service running for REST web-services.
Symantec Network Access Control executable. Checks that the computer complies with the defined security policy and communicates with the Symantec Enforcers to allow your computer to access the corporate network.
Helps to configure the exclusion list on the SEP client.
Responsible for scanning.
Hooks Lotus Notes.
Responsible for the UI related to the Scan dialog.
Communication with the SEPM.
Controls the SEP system tray icon and its functions.
Controls the user interface of SEP.
Error reporting component.
This is the Symantec Service Framework. For example, the SepMasterService service runs using the framework provided by ccSvcHst.
Helps you find hardware device IDs for device blocking in Symantec Endpoint Protection (SEP).
Mainly used when a new set of definitions comes in. It is also used to re-scan files in quarantine when new virus definitions are updated and installed.
Application to restart the RTVScan service.
The installer in Symantec Endpoint Protection 12.1 uses the Replace On Reboot Uninstaller (RORU), whereby an older version of SEP will not actually be removed and replaced by the newer version until after a reboot.
Used to update AntiVirus status to Windows Security Center.