---

smoddelm wrote:

My question:  why is Norton blocking actions that the OS believes it needs to take with respect to my system?,,,It seems that Norton should be protecting the OS and its intended functions, not interfering with it.

---

Norton is blocking access to a registry key that is being monitored as part of your Norton product protection.  This is Norton Product Tamper Protection which prevents any outside agent - even a Windows process - from interfering in any way with Norton.  Tamper protection must operate like this in order to assure that your security is not compromised or subverted, intentionally or otherwise.  It is not necessary for outside processes to access Norton in order for them to function correctly, and you should not normally see any ill effects related to a Tamper Protection block.

How can I find out which software package is causing this?  "svchost.exe" is too generic to identify the offending .dll.

Hi stevenizen,

It is very, very common to see scvhost.exe listed as an actor in Norton Product Tamper Protection entries.  This happens all the time and is a normal event that does not affect Windows, Norton or your PC in any way.  There is no point in investigating it unless you are experiencing problems - tweaking anything just to prevent future log entries risks causing problems where none currently exist.  Like most of the Norton logs, the Tamper Protection log is for your information, and is not intended to show anything that would normally require user action.

---

stevenizen wrote:

How can I find out which software package is causing this?  "svchost.exe" is too generic to identify the offending .dll.

---

Here is a site where it explains how to find out what is using svchost.exe. http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchost.exe-process/

It explains how to use different tools to get the information you are looking for.