Anyone familiar with SolidWorks' background downloader or ScriptLogic Corporation's PacketTrap IT software?
Since installing Symantec Endpoint Protection 12.1 on some of my servers and client PCs I've been seeing Symantec Tamper Protection Alert messages being logged in the Application Event Log (Event ID: 45). SEP's tamper protection log concurs with entries showing the blocking of processes that seem to be legitimately belonging to SolidWorks Installation Manager or PacketTrap IT.
Text from example A:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES (X86)\COMMON FILES\SOLIDWORKS INSTALLATION MANAGER\BACKGROUNDDOWNLOADING\SLDBGDWLD.EXE (PID 8236)
Time: Wednesday, August 03, 2011 3:08:28 PM
Text from example B:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES (X86)\SCRIPTLOGIC CORPORATION\PERSPECTIVE\PTAGENTSERVICE.EXE (PID 3780)
Time: Wednesday, August 03, 2011 11:14:40 AM
Does anyone know why these processes would trigger tamper alerts?
How can I submit the exe files in question to Symantec for malware analysis...just in case they aren't really from the companies they appear to be from and are really a threat?
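A triage sketch for the alerts quoted above, added here as an example and not part of the original post: it parses the alert text, counts blocks per actor binary and reports each binary's Authenticode signer, which bears on whether the files come from the vendors their paths name. `ConvertFrom-TamperAlert` is a hypothetical helper name, and the input is the two alert bodies from the post.

```powershell
# Constructed input: the two alert bodies quoted in the post. On a live host, feed the
# Message text from: Get-WinEvent -FilterHashtable @{LogName='Application'; Id=45}
$alerts = @(
@'
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES (X86)\COMMON FILES\SOLIDWORKS INSTALLATION MANAGER\BACKGROUNDDOWNLOADING\SLDBGDWLD.EXE (PID 8236)
Time: Wednesday, August 03, 2011 3:08:28 PM
'@,
@'
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info: Create Process
ActionTaken: Blocked
Actor Process: C:\PROGRAM FILES (X86)\SCRIPTLOGIC CORPORATION\PERSPECTIVE\PTAGENTSERVICE.EXE (PID 3780)
Time: Wednesday, August 03, 2011 11:14:40 AM
'@
)

# Hypothetical helper: turn one alert body into an object, with actor path and PID split out.
function ConvertFrom-TamperAlert([string]$Message) {
    $f = @{}
    foreach ($line in $Message -split '\r?\n') {
        # Split on the first colon only, so drive letters and clock times stay in the value.
        if ($line -match '^\s*([^:]+?)\s*:\s*(.+?)\s*$') { $f[$Matches[1]] = $Matches[2] }
    }
    # Text without an "Actor Process: <path> (PID n)" line is not a tamper alert: emit nothing.
    if ($f['Actor Process'] -match '^(.+?)\s+\(PID\s+(\d+)\)$') {
        [pscustomobject]@{
            ActorPath = $Matches[1]; ActorPid = [int]$Matches[2]
            Target = $f['Target']; Event = $f['Event Info']; Action = $f['ActionTaken']; Time = $f['Time']
        }
    }
}

# One row per distinct actor binary: how often it was blocked and who signed it.
$alerts | ForEach-Object { ConvertFrom-TamperAlert $_ } | Group-Object ActorPath | ForEach-Object {
    $sig = if (Test-Path -LiteralPath $_.Name) { Get-AuthenticodeSignature -LiteralPath $_.Name }
    [pscustomobject]@{
        Actor = $_.Name; Blocked = $_.Count
        SignatureStatus = if ($sig) { $sig.Status } else { 'file not found on this host' }
        Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
    }
} | Format-List
```

A `Valid` status with the expected vendor as signer shows who published the binary; it does not by itself explain why the process touched `ccSvcHst.exe`.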