I have a detection where svchost.exe is trying to delete \REGISTRY\USER\S-1-5-21-2954251252-2009956459-2392978873-42980\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
all the research I have done shows that if this was under HKLM\Software then it would probably be a virus or malware.
I'm thinking this is a Group Policy trying to do what it does and McAfee is stopping it as it is supposed to do. I guess I'm wanting to see if anyone else has had a similar experience and what you did, or do you simply ignore this alert?
I'm tempted to setup Application Control and run full scans and then allow this behaviour.