Currently we have windows Servers with Only AV/Malware protection. We use a application called ImageRight, it's used for printing.
Also Servers are at SEP 11. RU 1. In process of upgrading to SEP 11 RU 3 then to 12.1.2 in near future.
Now with my question?
Has anyone seen this type of error before? It's in the Event Logs as a Warning.
There is a Windows KB Article ID: 947238 which kinda relates.
2 user registry handles leaked from \Registry\User\S-1-5-21-1390108520-675970526-1691616715-84626:
Process 376 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1390108520-675970526-1691616715-84626\Printers\DevModePerUser
Process 2068 (\Device\HarddiskVolume1\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-1390108520-675970526-1691616715-84626\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks
It is currently believed that SEP is causing this issue, but from my point of view I think this is a false positive. Almost makes me wonder if this is a Rootkit. I have never seen this error before and and we currently have intermitent error occuring.
Any suggestions, would be helpful.