Ever since updating to VSE 8.8 Patch 7, I keep getting alerts through Automatic Responses triggered when this AP rule is violated. The problem is, events are coming in with "action taken: Deny read" when we do not have deny read set in that rule. This is causing a lot of unnecessary events to come through, and in turn it causes these machines to be quarantined. This never happened on VSE 8.8 Patch 2, nor does anything come in with Deny Read on any machines still on Patch 2. Is this a bug with Patch 7? It is causing a lot of unnecessary "panic" due to all these alerts coming in.
We are on Agent v220.127.116.118, ePO server is 5.3.1 build 188, fully up to date with patches, latest VSE management and reporting extensions.
You'll want to reach out to support to determine the proper course of action.
You could either determine the source of the "trigger", or you can work to filter those events out. But that's about all I know about it.