Reboot, then revisit if the events are occurring.
A patch update can "break" the product's trust mechanism, i.e. it doesn't trust its own processes making changes etc, and they get flagged by Access Protection.
Reboot will correct it - forces Trust to be reacquired.
It's a limitation I'm expecting will improve in future releases.
Thanks for the response!
Have a look if that workstation is receiving the the policies as should. Check either via ePO and watch the Agent Monitor from there or do a Check New Policies/Enforce Policies via the Agent on the local machine. Might be a corrupt agent.
Reinstalling the agent could solve the issue there.