With System Lockdown enabled from Symantec Endpoint Protection Manager, Symantec Endpoint Protection client 'Control Log' shows that System Lockdown blocked svchost.exe process after login from a reboot. The Parameter shows \\?\C and the user is System. This issue was reported using Symantec Endpoint Protection Manager (SEPM) RU5 and Symantec Endpoint Protection RU5 client installed to Windows 7 Enterprise (x86), and after the File Fingerprint List from the Windows 7 computer was added to the SEPM group where System Lockdown is enabled. When System Lockdown is in Test Mode, the svchost process will not be blocked.


 

This problem is fixed in Symantec Endpoint Protection 11.0.6000.550 (RU6). For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x.