I have found that the Symantec Endpoint Protection executable ccSvcHst.exe tries to connect to map2.hwcdn.net:80. All other HTTP requests go through the web proxy; it takes the OS proxy settings. Why does ccSvcHst.exe try to access map2.hwcdn.net over TCP 80?
Procmon capture log below.
Time of Day | Process Name | PID | Operation | Path | Result | Detail |
11:11:18 | ccSvcHst.exe | 2100 | TCP Reconnect | host_abcd:61193 -> map2.hwcdn.net:http | SUCCESS | Length: 0, seqnum: 0, connid: 0 |
11:11:24 | ccSvcHst.exe | 2100 | TCP Reconnect | host_abcd:61193 -> map2.hwcdn.net:http | SUCCESS | Length: 0, seqnum: 0, connid: 0 |
11:11:32 | ccSvcHst.exe | 2100 | TCP Reconnect | host_abcd:61201 -> map2.hwcdn.net:http | SUCCESS | Length: 0, seqnum: 0, connid: 0 |
11:11:38 | ccSvcHst.exe | 2100 | TCP Reconnect | host_abcd:61201 -> map2.hwcdn.net:http | SUCCESS | Length: 0, seqnum: 0, connid: 0 |
11:11:39 | ccSvcHst.exe | 2100 | TCP Reconnect | host_abcd:61203 -> map2.hwcdn.net:http | SUCCESS | Length: 0, seqnum: 0, connid: 0 |
11:11:45 | ccSvcHst.exe | 2100 | TCP Reconnect | host_abcd:61203 -> map2.hwcdn.net:http | SUCCESS | Length: 0, seqnum: 0, connid: 0 |
11:11:54 | ccSvcHst.exe | 2100 | TCP Reconnect | host_abcd:61224 -> map2.hwcdn.net:http | SUCCESS | Length: 0, seqnum: 0, connid: 0 |
11:12:00 | ccSvcHst.exe | 2100 | TCP Reconnect | host_abcd:61224 -> map2.hwcdn.net:http | SUCCESS | Length: 0, seqnum: 0, connid: 0 |