0 Replies Latest reply on Jun 22, 2016 8:16 AM by marcusmm8

    File audit failure and symantec endpoint protection

    marcusmm8

      I have noticed a high number of file audit failure as a result of the process names below (specifically symantec AV).

      Anyone experiencing the same events? This is also triggering the "file audit failure with restricted information inference".

      I can whitelist the process names but i want to make sure the file audit failures are fixed.

       

      Event FieldInformation
      ExtraneousInfoProcessName: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

       

      Event FieldInformation
      ExtraneousInfoProcessName: C:\Windows\System32\services.exe