Is this there an impact on the endpoint? It could be you just need to filter this event and ignore it. Also, is this file, catdb, located on those other 1000 machines you mention? It could be malicious adn App Control is doing exactly what it's suppsoed to be doing. If you know this file is safe and should be trying to do what it is doing you could just put the system in Update Mode and resolidify the drive. One thing I have run into that is supposed to be fixed with version 6 I believe (which I see you have), is if you make a change to a program that is currently running in memory a service restart or a reboot is necessary for App Control's MP (memory protection) to kick in. Good luck!
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.