UACCEEventLog 301 Filling Event Logs
- by rjt
After pushing out clients for the MS Application Compatibility Toolkit on our domain via GPO, UACCEEventLog 301 occurs a few times per second in the event log. Several thousand per hour.
One test I need to do is log on as Administrator to see if these events go away while Admin, but of course that is not a fix.
This is only part of the event log entry, but it is the most readable and clearly indicates yet another problem with antivirus software. But still no fix.
Originally, I posted this In Words and Bytes, but then edited it to make it much easier to read. LocalMachine\Users do have Read Access to this key. For a test, I added "Domain Users", but there are many more events for other parts of the registry and for Administrators.
<XML>
<TYPE>
UacceRegistryVirtualization
</TYPE>
<EXENAME>smcgui.exe</EXENAME>
<EXEPATH>c:\program files\symantec\symantec endpoint protection </EXEPATH>
<APINAME>RegOpenKeyA</APINAME>
<REGKEYNAME>
HKEY_LOCAL_MACHINE\SOFTWARE
\Symantec\Symantec Endpoint Protection\AV\Storages
\SymHeurProcessProtection\RealTimeScan\0
</REGKEYNAME>
<RESTRICTEDBYACL>FALSE</RESTRICTEDBYACL>
<DESIREDACCESS>MAXIMUM_ALLOWED</DESIREDACCESS>
<REGVALUENAME></REGVALUENAME>
<REGVALUETYPE>0x00000000</REGVALUETYPE>
<REGVALUEDATA></REGVALUEDATA>
<CURRENTGROUP>Users</CURRENTGROUP>
</XML>
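To see which executables, registry keys and groups account for the volume described in the post, the 301 payloads can be tallied. This is an added example, not part of the original post: the sample payloads are constructed in the layout shown above, and `example.exe`, `ExampleVendor` and the function names are made up for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample payloads in the layout shown in the post. The first keeps the
# hand-wrapped REGKEYNAME; example.exe / ExampleVendor are made-up names.
SAMPLE_EVENTS = [
    r"""<XML>
<TYPE>UacceRegistryVirtualization</TYPE>
<EXENAME>smcgui.exe</EXENAME>
<REGKEYNAME>
HKEY_LOCAL_MACHINE\SOFTWARE
\Symantec\Symantec Endpoint Protection\AV\Storages
\SymHeurProcessProtection\RealTimeScan\0
</REGKEYNAME>
<RESTRICTEDBYACL>FALSE</RESTRICTEDBYACL>
<CURRENTGROUP>Users</CURRENTGROUP>
</XML>""",
    r"<XML><TYPE>UacceRegistryVirtualization</TYPE><EXENAME>SmcGui.exe</EXENAME><REGKEYNAME>"
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages"
    r"\SymHeurProcessProtection\RealTimeScan\0</REGKEYNAME>"
    r"<RESTRICTEDBYACL>FALSE</RESTRICTEDBYACL><CURRENTGROUP>Users</CURRENTGROUP></XML>",
    r"<XML><TYPE>UacceRegistryVirtualization</TYPE><EXENAME>example.exe</EXENAME>"
    r"<REGKEYNAME>HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor</REGKEYNAME>"
    r"<RESTRICTEDBYACL>TRUE</RESTRICTEDBYACL><CURRENTGROUP>Administrators</CURRENTGROUP></XML>",
    "<XML><TYPE>truncated",  # constructed malformed record
]

def parse_event(payload):
    root = ET.fromstring(payload.strip())
    # Values may be wrapped across lines (at a backslash); strip each piece and rejoin.
    return {c.tag: "".join(s.strip() for s in (c.text or "").splitlines()) for c in root}

# Count registry-virtualization events per (exe, key, group, restricted-by-ACL).
def summarize(payloads):
    counts, bad = Counter(), 0
    for payload in payloads:
        try:
            ev = parse_event(payload)
        except ET.ParseError:
            bad += 1  # keep a count of records that could not be parsed
            continue
        if ev.get("TYPE") == "UacceRegistryVirtualization":
            counts[(ev.get("EXENAME", "").lower(), ev.get("REGKEYNAME", ""),
                    ev.get("CURRENTGROUP", ""), ev.get("RESTRICTEDBYACL", ""))] += 1
    return counts, bad

if __name__ == "__main__":
    counts, bad = summarize(SAMPLE_EVENTS)
    print(counts.most_common(), "unparseable:", bad)
```

Sorting the tally by count shows whether one process and key dominate the log or whether the events are spread across many keys and groups.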