Hi Brian,

Could you please give us additional details such as:

 - In which log did you exactly found these entries?

 - 7:33:18 => is it the time when the computer has been started?

 - Is there any upgrade package assign to this client in SEPM console?

 - Did you disable any feature of Antivirus/Antispyware protection in the policies (without locking it) or using client GUI?

 - Do you have any trace about scan, update, SEPM connection loss, etc. at the same moment in the other client logs or in Windows Event Viewer?

I found it under Client Management > System Log

No, this is a server so it's always on

No upgrade package assigned

The policy (only for this 1 server) was set with AP off and unlocked. I have since modified it to be on by default but still left unlocked

All other logs look to be normal to me.

Additional questions:

 - When did you exactly change policies to configure AP to be ON? Did the issue start to occur since this moment?

 - Is this behavior visible on a regular basis and at the same time of the day?

 - Is there any other machine with similar symptoms? If not, does the same problem occurs on a machine if you move it to server group?

I can only imagine this happens when we update the scan engine. I can see it in my client logs as well.

I changed the policy to ON when my admin notified me today.

To my knowledge, this is the first time it happened.

I don't believe so. The only reason he noticed it was because he was logged in at the time (GUI turned red). So I suppose it's possible it has happened to other machines before but it went unnoticed.