russianbad.blogg.se

Tamper protection symantec

13: Why does Symantec Endpoint Protection (or SEP for Small business) report that PolicyPak is “tampering”?

You might see Symantec logs like what’s seen below.

PPExtensionService.exe needs to “look at” every process that gets started, and opens handles to them. So, Symantec is detecting and reporting that.

Additionally, PolicyPak AppLock also doesn’t discriminate the applications running on the machine and as such, you might see PPWatcherSvc64.exe in some of the logs.

This is by design in PolicyPak and cannot be changed at this time.

Category: Symantec Product Tamper Protection

Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction,Terminal Session
8:56:29 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required, 8:56:29 AM,C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.14.2.13\MCUI32.exe,15840,Access Process Data,Unauthorized access blocked,1
8:57:27 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required, 8:57:27 AM,
8:58:22 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required, 8:58:22 AM,
8:59:17 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required, 8:59:17 AM,C:\PROGRAM FILES\POLICYPAK\APPLICATION MANAGER\CLIENT\PPWATCHERSVC64.EXE,7264,C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.14.2.13\NortonSecurity.exe,6328,Access Process Data,Unauthorized access blocked,1
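One way to triage a Tamper Protection export in this column layout is to separate events whose Actor is the expected PolicyPak binary from everything else. This is an added example, not PolicyPak's or Symantec's code. The sample rows are constructed, and the allowlisted install path and the `C:\Users\Public` and `C:\Tools` actors are assumptions for illustration.

```python
import csv
import io
import ntpath

# Column order copied from the header row of the log excerpt on this page.
FIELDS = ["Date & Time", "Risk", "Activity", "Status", "Recommended Action",
          "Date", "Actor", "Actor PID", "Target", "Target PID", "Action",
          "Reaction", "Terminal Session"]

# Assumption: full install path of the PolicyPak binary named in the excerpt.
# Add the path of PPExtensionService.exe as deployed on your own endpoints.
EXPECTED_ACTORS = {
    r"C:\Program Files\PolicyPak\Application Manager\Client\PPWatcherSvc64.exe",
}
TARGET = (r"C:\Program Files\Symantec.cloud\EndpointProtectionAgent"
          r"\Engine\22.14.2.13\NortonSecurity.exe")
PREFIX = ("Medium,Unauthorized access blocked (Access Process Data),"
          "Blocked,No Action Required")
TAIL = f"{TARGET},6328,Access Process Data,Unauthorized access blocked,1"

# Constructed sample rows (not real log data), in the page's column order.
SAMPLE = "\n".join([
    ",".join(FIELDS),
    rf"8:59:17 AM,{PREFIX},8:59:17 AM,C:\PROGRAM FILES\POLICYPAK\APPLICATION MANAGER\CLIENT\PPWATCHERSVC64.EXE,7264,{TAIL}",
    rf"9:01:02 AM,{PREFIX},9:01:02 AM,C:\Users\Public\PPWatcherSvc64.exe,4120,{TAIL}",
    rf"9:02:40 AM,{PREFIX},9:02:40 AM,C:\Tools\example.exe,5012,{TAIL}",
    f"9:03:11 AM,{PREFIX},9:03:11 AM,",  # actor missing from the export
])

def _norm(path):
    # Case-insensitive, separator-normalised Windows path comparison.
    return ntpath.normcase(ntpath.normpath(path.strip()))

def triage(log_text, expected=EXPECTED_ACTORS):
    """Split events into (expected, needs_review) lists of (time, actor, pid)."""
    allowed = {_norm(p) for p in expected}
    expected_hits, needs_review = [], []
    for rec in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        if rec["Date & Time"] == FIELDS[0]:
            continue  # header row
        actor = (rec["Actor"] or "").strip()
        event = (rec["Date & Time"], actor, rec["Actor PID"])
        # Match the full path, not the file name: a same-named binary in
        # another directory is not the PolicyPak service.
        if actor and _norm(actor) in allowed:
            expected_hits.append(event)
        else:
            needs_review.append(event)
    return expected_hits, needs_review
```

Calling `triage(SAMPLE)` returns the PolicyPak event in the first list and leaves the same-named binary under `C:\Users\Public`, the unrelated actor, and the row with no actor for review.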













