Product & version number: N360 22.24.8.36
OS details: Win10 22H2
I attempted to install a program which is a music hardware editor. Norton data protector stopped the installation saying: "
“Suspicious process attempted to modify attributes of a file protected by data protector”
I would like to know which file this program attempted to modify. In the Advanced Details window, there is a box titled “Target”. Is this the file that the program attempted to modify?
On my system, Data Protector is on but I have not configured any specific files or folders to be protected, I have just left the defaults. The default folders are only in the "C:\Users" folder.
Here is the dump of the error:
Date & Time,Risk,Activity,Status,Recommended Action,Status,Program Path,Program Name,Date & Time,Action Observed,Target
10/28/2024 12:12:20 AM,High,Data Protector blocked a suspicious action by FIEditor.exe,Action Blocked,No Action Required,Action Blocked,C:\Program Files\panda-Audio\FIEditor4\FIEditor.exe,FIEditor.exe,10/28/2024 12:12:20 AM,Suspicious process attempted to modify attributes of a file protected by Data Protector,“C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_FIEditor.exe_937a6e6f495e5ad223d18bf7fa7d5f86f08d48_c4afc5aa_e9a6f545-7c66-43cc-882e-a2a9d221b861\Report.wer”
It appears that the target was a file named Report.wer in the folder:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive.
This doesn’t make much sense. This folder is not a protected folder and why would a program attempt to modify a Windows Error Reporting file?
Can anyone offer any insight into what is going on here?