Channel: Symantec Connect - Endpoint Protection - Discussions

Symantec Endpoint Protection 12.1RU2, scans and finds threat in svchost.exe

I need a solution

We are having problems with some of our computers and I am trying to track down the exact cause, and in doing so I ran across some things in the event logs of several computers that should not be there. We are running SEP server and clients 12.1.2, Server 2008 R2 and Windows 7 Enterprise 64-bit clients.
Ever since we upgraded to this version, one by one people have complained that Outlook keeps locking up on them, and other strange things have happened, like the machines will not get past the log off screen when they shut down. One computer will not show the username and password fields for about 10-20 minutes after CTRL-ALT-DEL. PS: We also deployed SEE Device Control and Removable Storage at the same time.

1st,  I found this:  Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged. (application logs)  
This is showing up on a lot of machines so I don't think it is a virus. 

2nd, I found this (could be another application other than SEP):  The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {69B37063-2BB6-43B5-A109-60E69A77840F} and APPID {CD11FAB6-1C0E-45E1-BA31-5C6008EF2607} to the user domain/username SID (S-1-5-21-790525478-920026266-842925246-8650) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
I am not sure where this APPID is.  I went through all of them and could not find the one with this APPID or CLSID.  
 
Any info will be greatly appreciated. 
 