Moved to ePO for better handling. - Mod
I believe McAfee re-designed this access protection rule in VSE 8.8 so that it will only trigger if the process is explicitly seeking the right to terminate the process. However, I have ran into the exact same issue with ccmexec.exe (SMS) in VSE 8.8 where I pretty much know that process is doing no such thing. Ultimately, it might not be the intent of the process, but the code sets the chain of events in motion causing for a request to be made to acquire the terminate privilege explicitly, and then the McAfee access protection rule will inevitably trigger.
A service running within SVCHost.exe or a third-party process is accessing and enumerating the running processes with a permission set that allows it to terminate processes, though it might not actually be attempting to terminate processes. Some third-party applications enumerate processes with the privilege to terminate processes. This can cause the rule to be triggered many times per minute, depending on the application.
The easy solution is to just exclude 2007\HealthService.exe from the rule since you trust it.
Thank you for the fast reply. I went ahead and added an exclusion and will continue to monitor the test environment.