I was looking through my Norton history and noticed that the Windows Malicious Software Removal Tool had made 2 attempts at targeting Norton itself followed by what seems to be a successful attempt and I am just wondering if this is anything to be worried about or is it something as simple as just a scan.
RisenOne:
I am just wondering if this is anything to be worried about or is it something as simple as just a scan.
I'm reading your Date & Time as Wednesday 11-Oct-2023.
Maybe, your Windows Update MRT scan was 11-Oct-2023
~ sounds like Windows Update event - just a scan.
The Microsoft Windows Malicious Software Removal Tool checks computers for infections by specific, prevalent malicious software, including Blaster, Sasser, and Mydoom—and helps remove any infection found.
Once MSRT has been downloaded to your computer, it will run the scan automatically. If any infections are found, you will be notified right away and asked to click on the notification to complete the removal process.’
Microsoft releases an updated version of this tool on the second Tuesday of each month, as needed to respond to security incidents. The version of the tool delivered by Windows Update runs in the background and then reports if an infection is found. (source thewindowsclub.com)
The Unauthorized access blocked messages in your security history are logged by Norton Product Tamper Protection when an executable file attempts to read/write/edit/delete a Norton file. Common Windows processes like svchost.exe, taskmgr.exe, dfrgntfs.exe, etc. as well as executable from third-party software will cause an Unauthorized Access Blocked message to be logged if they touch a file from your Norton installation. Please see post <here> in the Product Suggestions board regarding logging of these blocks. (credit Imacri)
Norton Product Tamper Protection events are not reports of malware. Unauthorized access blocked (Access Process Data) messages in your security history are not reports of malware. The most common Norton Product Tamper Protection log entries are legitimate Windows processes that Norton is preventing from accessing Norton files or processes.
Norton Product Tamper Protection events are normal, as legitimate programs and Windows processes frequently try to access Norton files or processes. Norton blocks attempts by outside agents - even legitimate Windows processes. There is no need to do anything. No need to scan with a third-party anti-malware program, no need to change services settings. These events are not attacks. They can be ignored. Unless the actor in the logs is an actual malicious process that does not belong on your PC, these events are totally harmless and routine. (credit SendOfJive)
I have not opened your png files out of caution for clicking links but it is probably Norton Tamper Protection protecting Norton from any possible changes.
What is the name of the program in your history? You can exclude this program from future runs via your settings / antivirus / scans and risks.
I have excluded SVCHOST and WERFAULT and MSIEXEC and I do not get any history messages.