Information and startup locations can be examined on this page: verify all your files to make sure that they are legitimate, digitally signed and from the company Symantec Corporation to which they should belong.
ccapp.exe security and file info
Symantec User Session
- Client and Host Security Platform
- Symantec Corporation
 |
|
 |
| Filetype : executable |
An executable file is a program that can be executed in your windows environment.
|
|
What is ccApp.exe?
CcApp.exe is the Symantec Common Client Application. It is used by many Norton applications, including Norton AntiVirus, Norton AntiSpam, and Norton Internet Security. Norton uses it for its background virus protection and email scanning features.
This process is not essential to the operation of the system; however, it is essential to the proper functioning of Norton products. If you do not want to use the background scanning features of your Symantec software, you should disable it in the application. If you do not have any Symantec product installed, you should not have any processes with this name. The presence of this process on systems without Symantec software typically indicates a virus or spyware infection.
Dangers of ccApp
As ccApp.exe is a relatively common process that is found on any system with Symantec Norton software installed, it is common for virus writers and spyware vendors to disguise their malware as the genuine Symantec Common Client Application
Some malicious files will have the same name but will be stored somewhere other than in %ProgramFiles%\Common Files\Symantec Shared. Other malware will use a name that appears similar to the name of this process but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as ccApp.exe:
- Adclicker-DF (%SystemRoot%)
- This is an adware application that lowers the infected system's internet security settings
- W32/Lebreat-A
- This worm opens a backdoor on port 8885 and attempts to perform a distributed denial of service attack on www.symantec.com
There will typically be only one copy of ccApp.exe running at a given time for each user that is logged in on a system with a Norton product installed. If multiple copies are running or if there is an instance running without any Norton software installed, the system may be infected with malware.
Common problems
- CcApp.exe uses 100% of the CPU when sending email
- If you are using Norton Internet Security, this can be caused by the outbound email scanner. Disabling the outbound email scanner should resolve the problem.
- If the above does not work, ensure that you have set a rule allowing your email client to access the network.
- CcApp wants access to port 8885
- Your system is probably infected with W32/Lebreat-A. See W32/Lebreat-A above.
- CcApp uses an excessive amount of memory
- There is a known memory leak in some versions of Norton Internet Security that causes this symptom. As a workaround, try setting a Permit rule for the program "Microsoft Generic Host Process for Win32 Services."
|
|
|
|
|
|
| MD5 File security rating |
A MD5 hash is a unique fingerprint of a file.
Different files/versions can have the same filenames. The MD5 hash verifies that the legitimate file is not altered.
Runscanner (Freeware) can help you checking the file's MD5 hashes
| Ccapp.exe files in Runscanner database |
 |
|
11 different item(s) in database |
|
|
6 different item(s) in database |
 |
|
287 different item(s) in database |
|
|
Green items are verified safe to use |
|
Unrated items are not yet checked for safety. |
 |
Red items are not safe (typically virusses, spyware or other malware) |
|
This file is digitally signed by it's publisher.
This means that the file is from the company claiming to created it, this does not mean by default that the file is safe
|
|
|
|
| General file info |
| Product name: |
Client and Host Security Platform
|
| Description: |
Symantec User Session
|
| Company: |
Symantec Corporation
|
| Fix CCAPP.EXE errors: Free registry scan |
|
|
|
| Pacman startup database |
|
Part of Norton AntiVirus. Auto-protect and E-mail check will not function without this |
|
Added by the AKHER.D WORM! Note - for the valid Norton AV entry the filename is "navapexe". This is also not the valid Norton AV file with the same filename |
|
Added by the AKHER.D WORM! Note - this is also not the valid Norton AV file with the same filename |
| info provided by sysinfo.org |
|
|
|
Automatic startup locations
 |
| |
 |
001 Running Processes |
| |
 |
002 Autorun registry entries local machine |
| |
|
003 Autorun registry entries Current User |
| |
 |
005 Current user startup startmenu |
| |
 |
033 Winlogon Userinit |
 User comments for this file
More system processes
|
|
| Filename / Process |
|
| Guid / CLSID |
|
| MD5 hash |
|
|
|
304 MD5 version(s) found
only top 10 displayed
|
|
|
| Check your autostart files
|
|
|
|
