I need a solution
I'm using SEP 12.1.4013 on WinXP Pro. Why do I get hundreds of Event ID 45 on many computers?
Here is one example taken from SEP Client event (there are hundreds of these events):
Event Type: Information Event Source: Symantec AntiVirus Event Category: None Event ID: 45 Date: 3/3/2014 Time: 8:00:23 AM User: NT AUTHORITY\SYSTEM Computer: DELL Description: Scan type: Tamper Protection Scan Event: Tamper Protection Detection Security risk detected: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE File: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\LDVPCtls.ocx Location: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin Computer: DELL User: SYSTEM Action taken: Leave Alone Date found: Monday, March 03, 2014 8:00:23 AM
The following is taken from Application event:
Event Type: Information Event Source: Symantec AntiVirus Event Category: None Event ID: 45 Date: 3/4/2014 Time: 8:55:16 AM User: DOMAINNAME\JDOE Computer: DELL Description: Scan type: Tamper Protection Scan Event: Tamper Protection Detection Security risk detected: C:\WINDOWS\EXPLORER.EXE File: C:\Program Files\Symantec\S32EVNT1.DLL Location: C:\Program Files\Symantec Computer: DELL User: JDOE Action taken: Leave Alone Date found: Tuesday, March 04, 2014 8:55:16 AM
Explorer.exe is part of Windows core component. Why is it a security risk?