02-26-2012 04:35 AM
Have been getting this a few times a day over the past several days with Actor SVCHOST.EXE and Target HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\R
I found some older posts about this or similar messages in the 360 and NIS forums. They were mostly started by users asking if their systems were under attack, with responses assuring them that the attempted actions that were blocked appeared to be initiated by Windows and were not any cause for concern. My question: why is Norton blocking actions that the OS believes it needs to take with respect to my system? Already the upgrade from v5 to v6 has nearly destroyed the ability of my computers (only the ones that have been upgraded from v5 to v6) to connect to each other via Win 7 HomeGroup. It seems that Norton should be protecting the OS and its intended functions, not interfering with it.
02-26-2012 10:20 AM
smoddelm wrote: My question: why is Norton blocking actions that the OS believes it needs to take with respect to my system? ... It seems that Norton should be protecting the OS and its intended functions, not interfering with it.
Norton is blocking access to a registry key that is being monitored as part of your Norton product protection. This is Norton Product Tamper Protection which prevents any outside agent - even a Windows process - from interfering in any way with Norton. Tamper protection must operate like this in order to assure that your security is not compromised or subverted, intentionally or otherwise. It is not necessary for outside processes to access Norton in order for them to function correctly, and you should not normally see any ill effects related to a Tamper Protection block.
03-08-2012 12:43 PM - edited 03-08-2012 12:44 PM
It is very, very common to see svchost.exe listed as an actor in Norton Product Tamper Protection entries. This happens all the time and is a normal event that does not affect Windows, Norton or your PC in any way. There is no point in investigating it unless you are experiencing problems - tweaking anything just to prevent future log entries risks causing problems where none currently exist. Like most of the Norton logs, the Tamper Protection log is for your information, and is not intended to show anything that would normally require user action.
03-08-2012 05:31 PM
How can I find out which software package is causing this? "svchost.exe" is too generic to identify the offending .dll.
Here is a site that explains how to find out what is using svchost.exe. http://www.bleepingcomputer.com/tutorials/list-ser
It explains how to use different tools to get the information you are looking for.
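One way to answer the question above from the machine itself, as an added example that is not part of the original posts: the script lists every running svchost.exe instance together with the services it hosts and the DLL each service loads. It assumes PowerShell 3.0 or later and an elevated prompt; the ServiceDll registry value is where svchost-hosted services normally record their DLL, and the variable names are illustrative.

```powershell
# Added example: map each svchost.exe process to its hosted services and service DLLs.
# Run from an elevated PowerShell 3.0+ prompt.

# Services that are currently running inside an svchost.exe host process.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 -and $_.PathName -match 'svchost\.exe' }

$report = foreach ($svc in $services) {
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
    $dll  = $null

    # ServiceDll normally lives under ...\Parameters; some services keep it on the service key.
    foreach ($key in "$base\Parameters", $base) {
        $value = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if ($value) { $dll = $value; break }
    }

    [pscustomobject]@{
        ProcessId   = $svc.ProcessId
        Service     = $svc.Name
        DisplayName = $svc.DisplayName
        HostCommand = $svc.PathName      # shows the svchost -k <group> the service runs in
        ServiceDll  = if ($dll) { $dll } else { '(not set or not readable)' }
    }
}

# One row per hosted service, grouped by the svchost.exe process that carries it.
$report | Sort-Object ProcessId, Service | Format-Table -AutoSize -Wrap
```

The built-in `tasklist /svc /fi "imagename eq svchost.exe"` gives the same process-to-service mapping without the DLL column.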