Have been getting this a few times a day over the past several days with Actor SVCHOST.EXE and Target HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\ROOT\LEGACY_BHDRVX64\0000\Control.
I found some older posts about this or similar messages in the 360 and NIS forums. They were mostly started by users asking if their systems were under attack, with responses assuring them that the attempted actions that were blocked appeared to be initiated by Windows and were not any cause for concern. My question: why is Norton blocking actions that the OS believes it needs to take with respect to my system? Already the upgrade from v5 to v6 has nearly destroyed the ability of my computers that (only the ones that have been upgraded from v5 to v6) to connect to each other via Win 7 HomeGroup. It seems that Norton should be protecting the OS and its intended functions, not interfering with it.
Have been getting this a few times a day over the past several days with Actor SVCHOST.EXE and Target HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\ROOT\LEGACY_BHDRVX64\0000\Control.
I found some older posts about this or similar messages in the 360 and NIS forums. They were mostly started by users asking if their systems were under attack, with responses assuring them that the attempted actions that were blocked appeared to be initiated by Windows and were not any cause for concern. My question: why is Norton blocking actions that the OS believes it needs to take with respect to my system? Already the upgrade from v5 to v6 has nearly destroyed the ability of my computers that (only the ones that have been upgraded from v5 to v6) to connect to each other via Win 7 HomeGroup. It seems that Norton should be protecting the OS and its intended functions, not interfering with it.
How can I find out which software package is causing this? "svchost.exe" is too generic to identify the offending .dll.
Hi stevenizen,
It is very, very common to see scvhost.exe listed as an actor in Norton Product Tamper Protection entries. This happens all the time and is a normal event that does not affect Windows, Norton or your PC in any way. There is no point in investigating it unless you are experiencing problems - tweaking anything just to prevent future log entries risks causing problems where none currently exist. Like most of the Norton logs, the Tamper Protection log is for your information, and is not intended to show anything that would normally require user action.
stevenizen wrote:
How can I find out which software package is causing this? "svchost.exe" is too generic to identify the offending .dll.
Here is a site where it explains how to find out what is using svchost.exe. http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchost.exe-process/
It explains how to use different tools to get the information you are looking for.