I need a solution
Hi, this is my first post; hope this is in the right place. So a client of ours has been getting a MS Visual C++ Runtime Library pop-up error for the last few days. Looked into it a bit and see in the event logs a string of entries that are always coincedently happening around the same time as the runtime error. Genrally the runtime error happens at 4 hour intervals at around 7am, 11am, 3pm, 7pm, followed by entries in the application log from symantec regarding tamper protection blocking svchost.exe PID1484 (that PID corresponds to ERSvc, error reporting service) from GFValidate.exe. Here's the entry:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\Symantec Protection Center\bin\GFValidate.exe
Event Info: Suspend Thread
Action Taken: Blocked
Actor Process: C:\WINDOWS\System32\svchost.exe (PID 1484)
Time: Thursday, December 19, 2013 11:19:21 AM
That entry repeats 3-4 times, followed by this:
Faulting application GFValidate.exe, version 12.0.122.176, faulting module msvcr80.dll, version 8.0.50727.3053, fault address 0x000046b4.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Not sure why ERSvc is being blocked at those times, and not at other times, since it's a valid Windows service and is constantly running. Any suggestions would be greatly appreciated as to whether this is a legit threat that's being detected, or a false alarm, and if so whether its possible/safe to allow this as an exception within tamper protection. Let me know if more info is needed.
Some basics: They have Symantec Protection Center, and Symantec Antivirus 10.1.5.5000, and Windows Server 2k3.
Thanks!