0 Replies Latest reply on Mar 7, 2010 2:02 PM by Sigea

    Help identifying what's behind services.exe Access Protection Log entry

      Is there a way to identify which process id (and perhaps thread id) behind the access protection log entries generated when enabling "Common Maximum Protection:Prevent HTTP communication" rule

       

      3/7/2010    2:03:57 PM    Blocked by port blocking rule     C:\WINDOWS\system32\services.exe    Common Maximum Protection:Prevent HTTP communication     xxx.xxx.xxx.xxx

       

      I'm sure it's benign, but would like to know how to pinpoint what is causing this entry.