I'll do some digging myself, but perhaps someone has an idea already and can save me some precious time...
What was attempting to happen here that my SEP rule to block certain activity happened to block?
Was this LEGIT, or something happening that should have been blocked anyway?
Here are the THREE log entries most fascinating to me -
What is "move networks",
and what is "move mediaplayer"?
It APPEARS something was attempting to install?
#1:
Event type: Application Control Rules
Event time: 05/05/2009 11:35:14
Severity: Critical
Begin time: 05/05/2009 11:34:17
End time: 05/05/2009 11:34:17
Rule name: Load DLL Attempts_Load_Dll
Alert: Yes
Send SNMP trap: 0
Caller Process ID: 3104
Caller Process Name: C:/Program Files/Internet Explorer/iexplore.exe
Target: C:/Documents and Settings/Valerie.Rice/Application Data/Move Networks/ie_bin/qsp2ie071303000004.dll
User name: Valerie.Rice
Description: Block loading of DLL files from application data folders.
#2:
Event type: Application Control Rules
Event time: 05/05/2009 11:37:15
Severity: Critical
Begin time: 05/05/2009 11:36:18
End time: 05/05/2009 11:36:18
Rule name: File and Folder Access Attempts_File_Write
Alert: Yes
Send SNMP trap: 0
Caller Process ID: 4040
Caller Process Name: C:/Documents and Settings/Valerie.Rice/Local Settings/Temporary Internet Files/Content.IE5/X3P429CZ/MoveMediaPlayer_071303000004[1].exe
Target: C:/Documents and Settings/Valerie.Rice/Application Data/Move Networks/ie_bin/qsp2ie071101000055.dll
User name: Valerie.Rice
Description: prevent creation of DLL files in application data folders
#3:
Event type: Application Control Rules
Event time: 05/05/2009 11:37:32
Severity: Critical
Begin time: 05/05/2009 11:36:32
End time: 05/05/2009 11:36:32
Rule name: Load DLL Attempts_Load_Dll
Alert: Yes
Send SNMP trap: 0
Caller Process ID: 3104
Caller Process Name: C:/Program Files/Internet Explorer/iexplore.exe
Target: C:/Documents and Settings/Valerie.Rice/Application Data/Move Networks/ie_bin/qsp2ie071303000004.dll
User name: Valerie.Rice
Description: Block loading of DLL files from application data folders.
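
As an added example (not part of the original post and not Symantec tooling), the Python below parses records in the `Key: value` layout pasted above and reports which DLLs had a blocked write, which had a blocked load, and which callers ran from the browser cache. The function names are hypothetical, and the sample input is the three records from the post, trimmed to the fields used.

```python
import re

# Constructed sample: the three records from the post, trimmed to the fields used below.
SAMPLE = """\
#1:
Rule name: Load DLL Attempts_Load_Dll
Caller Process Name: C:/Program Files/Internet Explorer/iexplore.exe
Target: C:/Documents and Settings/Valerie.Rice/Application Data/Move Networks/ie_bin/qsp2ie071303000004.dll
#2:
Rule name: File and Folder Access Attempts_File_Write
Caller Process Name: C:/Documents and Settings/Valerie.Rice/Local Settings/Temporary Internet Files/Content.IE5/X3P429CZ/MoveMediaPlayer_071303000004[1].exe
Target: C:/Documents and Settings/Valerie.Rice/Application Data/Move Networks/ie_bin/qsp2ie071101000055.dll
#3:
Rule name: Load DLL Attempts_Load_Dll
Caller Process Name: C:/Program Files/Internet Explorer/iexplore.exe
Target: C:/Documents and Settings/Valerie.Rice/Application Data/Move Networks/ie_bin/qsp2ie071303000004.dll
"""

def parse_records(text):
    """Split on '#N:' marker lines and turn each 'Key: value' line into a dict entry."""
    records = []
    for chunk in re.split(r"(?m)^#\d+:\s*$", text):
        rec = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(": ")  # first ': ' only, so 'C:/' paths survive
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def summarize(records):
    """Separate blocked DLL writes from blocked DLL loads and note browser-cache callers."""
    writes, loads, cache_callers = set(), set(), set()
    for rec in records:
        caller = rec["Caller Process Name"]
        name = rec["Target"].rsplit("/", 1)[1]
        if "Load_Dll" in rec["Rule name"]:
            loads.add(name)
        elif "File_Write" in rec["Rule name"]:
            writes.add(name)
        if "/temporary internet files/" in caller.lower():
            cache_callers.add(caller.rsplit("/", 1)[1])
    return {"blocked_writes": sorted(writes),
            "blocked_loads": sorted(loads),
            "loads_without_blocked_write": sorted(loads - writes),
            "callers_from_browser_cache": sorted(cache_callers)}
```

On these three records, the DLL that iexplore.exe tried to load is not the one whose creation was blocked, which is worth checking against the full log export and the folder contents on the workstation.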