Is this there an impact on the endpoint? It could be you just need to filter this event and ignore it. Also, is this file, catdb, located on those other 1000 machines you mention? It could be malicious adn App Control is doing exactly what it's suppsoed to be doing. If you know this file is safe and should be trying to do what it is doing you could just put the system in Update Mode and resolidify the drive. One thing I have run into that is supposed to be fixed with version 6 I believe (which I see you have), is if you make a change to a program that is currently running in memory a service restart or a reboot is necessary for App Control's MP (memory protection) to kick in. Good luck!