After pushing out clients for the MS Application Compatibility Toolkit on our domain via GPO, UACCEEventLog 301 occurs a few times per second in the event log. Several Thousand per hour.

One test i need to do is logon with Administrator to see if these events go away while Admin, but of course that is not a fix.

This is only part of the event log entry, but is the most readable and clearly indicates yet another problem with Antivirus software. But still no fix.

Originally, i posted this In Words and Bytes, but then edited it to make it much easier to read. LocalMachine\Users do have Read Access to this key. For a test, i added "Domain Users" but there are many more events for other parts of the registry and for Administrators.

  


<XML>   
<TYPE>   
  UacceRegistryVirtualization   
</TYPE>   
<EXENAME>smcgui.exe</EXENAME>   
<EXEPATH>c:\program files\symantec\symantec endpoint protection </EXEPATH>   
<APINAME>RegOpenKeyA</APINAME>   
<REGKEYNAME>   
  HKEY_LOCAL_MACHINE\SOFTWARE
         \Symantec\Symantec Endpoint Protection\AV\Storages
         \SymHeurProcessProtection\RealTimeScan\0   
</REGKEYNAME>   
<RESTRICTEDBYACL>FALSE</RESTRICTEDBYACL>   
<DESIREDACCESS>MAXIMUM_ALLOWED</DESIREDACCESS>   
<REGVALUENAME></REGVALUENAME>   
<REGVALUETYPE>0x00000000</REGVALUETYPE>   
<REGVALUEDATA></REGVALUEDATA>   
<CURRENTGROUP>Users</CURRENTGROUP>   
</XML>