No screenshot, unfortunately. I do have the tamper protection log, which I'm attaching here. All the entires are identical, except for the Target and Target Process parameters.
Action Taken: Logged
Object Type: Process
Event: Open
Actor: C:\PROGRAM FILES\COMMON FILES\ADOBE\ARM\1.0\ADOBEARM.EXE
Targets:
- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SavUI.exe
Target Processes:
- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SavUI.exe
I've also seen reports from my coworkers of this happening in connection with:
- Updating Adobe Flash (v 11.5.502.135)
- Uninstalling Java (v 6u38)
Unfortunately I don't have any more details about those two instances.