UACCEEventLog 301 Filling Event Logs
Posted by rjt on Server Fault
Published on 2011-02-08T06:16:46Z
After pushing out clients for the MS Application Compatibility Toolkit on our domain via GPO, UACCEEventLog 301 occurs a few times per second in the event log, several thousand per hour.
One test I need to do is to log on as Administrator to see if these events go away while Admin, but of course that is not a fix.
This is only part of the event log entry, but it is the most readable and clearly indicates yet another problem with antivirus software. But still no fix.
Originally, I posted this in Words and Bytes, but then edited it to make it much easier to read. LocalMachine\Users do have Read access to this key. For a test, I added "Domain Users", but there are many more events for other parts of the registry and for Administrators.
<XML>
  <TYPE> UacceRegistryVirtualization </TYPE>
  <EXENAME>smcgui.exe</EXENAME>
  <EXEPATH>c:\program files\symantec\symantec endpoint protection </EXEPATH>
  <APINAME>RegOpenKeyA</APINAME>
  <REGKEYNAME> HKEY_LOCAL_MACHINE\SOFTWARE \Symantec\Symantec Endpoint Protection\AV\Storages \SymHeurProcessProtection\RealTimeScan\0 </REGKEYNAME>
  <RESTRICTEDBYACL>FALSE</RESTRICTEDBYACL>
  <DESIREDACCESS>MAXIMUM_ALLOWED</DESIREDACCESS>
  <REGVALUENAME></REGVALUENAME>
  <REGVALUETYPE>0x00000000</REGVALUETYPE>
  <REGVALUEDATA></REGVALUEDATA>
  <CURRENTGROUP>Users</CURRENTGROUP>
</XML>
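As an added example (not part of the original post and not code from any Microsoft tool): a Python script that parses payloads of the shape quoted above and counts them per executable, API, registry key, group and RESTRICTEDBYACL value, so the sources producing the volume stand out. The sample payloads are constructed, `example.exe` and its key are hypothetical, and treating spaces next to backslashes as line-wrap artifacts is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample payloads, modelled on the single entry quoted in the post.
# The example.exe entry (name, key, ACL value) is hypothetical.
_ENTRY = ("<XML><TYPE> UacceRegistryVirtualization </TYPE><EXENAME>{exe}</EXENAME>"
          "<APINAME>{api}</APINAME><REGKEYNAME> {key} </REGKEYNAME>"
          "<RESTRICTEDBYACL>{acl}</RESTRICTEDBYACL>"
          "<DESIREDACCESS>MAXIMUM_ALLOWED</DESIREDACCESS>"
          "<CURRENTGROUP>{grp}</CURRENTGROUP></XML>")
SEP_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE \Symantec\Symantec Endpoint Protection"
           r"\AV\Storages \SymHeurProcessProtection\RealTimeScan\0")
SAMPLE = ([_ENTRY.format(exe="smcgui.exe", api="RegOpenKeyA", key=SEP_KEY,
                         acl="FALSE", grp="Users")] * 3 +
          [_ENTRY.format(exe="example.exe", api="RegOpenKeyA",
                         key=r"HKEY_LOCAL_MACHINE\SOFTWARE\Example",
                         acl="TRUE", grp="Users")])

def _clean(text):
    """Trim the value and drop spaces next to backslashes (assumed wrap artifacts)."""
    parts = (text or "").strip().split("\\")
    return "\\".join(p.strip() for p in parts)

def parse_entry(xml_text):
    """Return the fields of one event payload as a dict of cleaned strings."""
    if "<!DOCTYPE" in xml_text.upper():  # log data is untrusted: refuse DTDs/entities
        raise ValueError("DOCTYPE not allowed in event payload")
    root = ET.fromstring(xml_text)
    return {child.tag: _clean(child.text) for child in root}

def summarize(payloads):
    """Count entries per (exe, API, key, group, restricted-by-ACL); skip bad ones."""
    counts, skipped = Counter(), 0
    for payload in payloads:
        try:
            e = parse_entry(payload)
        except (ET.ParseError, ValueError):
            skipped += 1
            continue
        counts[(e.get("EXENAME", "?"), e.get("APINAME", "?"),
                e.get("REGKEYNAME", "?"), e.get("CURRENTGROUP", "?"),
                e.get("RESTRICTEDBYACL") == "TRUE")] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE + ["<XML><TYPE>truncated"])
    for (exe, api, key, grp, restricted), n in counts.most_common():
        print(f"{n:6d}  {exe}  {api}  group={grp}  acl_restricted={restricted}")
        print(f"        {key}")
    print(f"skipped (unparseable): {skipped}")
```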