Machines that got caught by this weekend's oops are showing sccomm.exe saturating one CPU core after deleting the bad ref file and rebooting. We terminated sccomm.exe on most machines (which is equivalent to stopping the MEEClientService service except the service doesn't respond to stop commands). When machines get rebooted and the service restarts, we get a flurry of emails from the Malwarebytes server as a hundred thousand or more blocks of internal servers get reported. But the high CPU usage continues. The server was also showing high CPU usage and the database hit 10GB so we truncated it and set the retention to 1 day. The server side is now under control. Machines that were off over the weekend show minimal CPU usage by sccomm.
How do we stop sccomm.exe from gobbling CPU, and less important, can we delete the local records of blocks before restarting the MEEClientService? Email to corporate support hasn't been answered, but they must be swamped dealing with customers in worse shape than us.