anyone know what it means when c:\solidcore\ntdl_c__.dll or c:\solidcore\k32_c___.dll appears as the object name in an execution denied event
If something was trying to overwrite the file this would be a File Write Denied event. Not an Execution Denied. If the file had already been overwritten by something that is not an Updater then the file is no longer solidified. Subsequent executions would then generate an Execution Denied event. Maybe this is what's happening?
I ran sadmin lu to get a list of non solidified files and none of the mentioned where listed. The overwrite didn't sound good to me either but i didn't think about how it should be File Write Denied so thankyou for that. Currently i have an open ticket with tier 2 which should be going to tier 3 soon. They are now saying the events are being generated because my point of sale binaries are trying to access solidcore files. I am guessing it has to do something with how solidcore injects itself into the kernal.. we will see
Reported as BUG BZ 737261. They say it is just a reporting bug and will be fixed in 6.1