Symantec Endpoint Protection 12.1RU2, scans and finds threat in svchost.exe
We are having problems with some of our computers, and I am trying to track down the exact cause. In doing so, I ran across some things in the event logs of several computers that should not be there. We are running SEP server and clients 12.1.2, Server 2008 R2 and Windows 7 Enterprise 64-bit clients.
Ever since we upgraded to this version, one by one people have complained that Outlook keeps locking up on them, and other strange things have happened, like the machines will not get past the log off screen when they shut down. One computer will not show the Username and password fields for about 10-20 minutes after CTRL-ALT-DEL. PS: We also deployed SEE Device Control and Removable Storage at the same time.
1st, I found this: Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan. Action: Leave Alone succeeded. Action Description: The file was left unchanged. (application logs)
This is showing up on a lot of machines so I don't think it is a virus.
2nd, I found this (could be another application other than SEP): The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID