I have noticed a high number of file audit failure as a result of the process names below (specifically symantec AV).
Anyone experiencing the same events? This is also triggering the "file audit failure with restricted information inference".
I can whitelist the process names but i want to make sure the file audit failures are fixed.
Event Field | Information |
ExtraneousInfo | ProcessName: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe |
Event Field | Information |
ExtraneousInfo | ProcessName: C:\Windows\System32\services.exe |