If you have Network Application Monitoring (NAM) enabled and a program is updated this would change the file's hash value. The Hash value is how SEP is going to identify a particular file, as this is unique to that specific file as opposed to the file's name, which could be changed.
Based on what you've stated I'm suspecting that NAM is enabled and that the user had received a pop-up dialog stating that the particular file in question had been changed since the last time it had been run. If the user were to choose to block this process in the dialog you would see this information logged.
If this client is not managed, NAM is enabled by default.
To disable Network Application Monitoring open the SEP client:
1. Click on Change Settings on the left.
2. Click on Configure Settings next to Network Threat Protection
3. Click on the Firewall tab.
4. Uncheck "Enable network application monitoring"
5. Click OK.
If this client is managed, you would need to make this change from within the SEPM console.
The following document will assist with using the SEPM to modify this policy.
http://www.symantec.com/business/support/index?page=content&id=TECH102994&locale=en_US