Hi. I’ve been intermittently seeing the following medium-severity (red) alert in my NIS 2009 logs (Windows XP):
Unauthorized access blocked (Open File) - Date - Blocked - No Action Required
Advanced Details:
Actor: c:\windows\system32\svchost.exe
Actor PID: 1376 (once it was 1388 instead)
Target: C:\Documents & Settings\All Users\Application Data\Norton{string of characters and hyphens}\Norton\Definitions\VirusDefs\tmpXXXX.tmp\cur.scr (where XXXX is 4 alphanumeric characters that vary)
Target PID: 0
Action: Open File
Reaction: Unauthorized Access Blocked
This happened a couple times a few weeks ago, and it has happened again on most days over the past week, 1-4 times/day. Today was the day it happened 4 times, spread over a 7-hour period.
I’m not very concerned, just curious if anyone has any idea why svchost.exe would be trying to access some sort of Norton temp defs file. Thanks.