Symantec Endpoint Protection (SEP) is causing the Windows Security event log to fill up with Event ID 4673.
Event ID 4673 is called “Sensitive Privilege Use” and is tracked by the policy “Audit Privilege Use”, which must have been enabled in the environment.
This issue affects Symantec Endpoint Protection 14.2 RU2, 14.2 RU2 MP1, 14.3, and 14.3 MP1.
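To confirm on an affected endpoint that the 4673 volume comes from SEP, the following PowerShell triage script (an added example, not Symantec-provided code) summarises recent 4673 events by calling process. The sample size and the `*Symantec*` path pattern are assumptions, and the `auditpol` subcategory name is the English-locale one.

```powershell
# Added example: attribute Event ID 4673 volume in the Security log to processes.
# Run from an elevated session; reading the Security log requires it.
$MaxEvents   = 5000           # assumption: sample size, adjust to the log size
$PathPattern = '*Symantec*'   # assumption: SEP binaries run from a path containing "Symantec"

# Show whether the subcategory that emits 4673 is being audited (English locale name).
auditpol /get /subcategory:"Sensitive Privilege Use"

$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4673 } `
                         -MaxEvents $MaxEvents -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Output 'No 4673 events found (auditing not enabled, or the log was cleared).'
    return
}

# Pull the named EventData fields out of each record's XML.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time       = $e.TimeCreated
        Process    = $data['ProcessName']
        Privileges = ($data['PrivilegeList'] -replace '\s+', ' ').Trim()
    }
}

# Top sources of 4673, with the privileges each one requested.
$rows | Group-Object Process | Sort-Object Count -Descending | Select-Object -First 10 |
    ForEach-Object {
        [pscustomobject]@{
            Count      = $_.Count
            Process    = $_.Name
            Privileges = ($_.Group.Privileges | Sort-Object -Unique) -join ', '
        }
    } | Format-Table -AutoSize -Wrap

# Share of the sample attributable to the assumed SEP path, and the event rate.
$sep     = @($rows | Where-Object { $_.Process -like $PathPattern })
$minutes = [math]::Max(1, ($events[0].TimeCreated - $events[-1].TimeCreated).TotalMinutes)
'{0} of {1} sampled 4673 events ({2:P1}) match "{3}"; overall rate {4:N1} events/min' -f `
    $sep.Count, $events.Count, ($sep.Count / $events.Count), $PathPattern,
    ($events.Count / $minutes)
```

A high share from the SEP path on one of the affected builds matches this issue; a high share from other processes points to a different source of privilege-use noise.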
This issue is fixed in Symantec Endpoint Protection (SEP) 14.3 RU1. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec software here.
ESCRT-3739