During internal check or Monitoring tools might highlight that Symantec Management Agent executable is performing periodical check and accessing HKLM\SOFTWARE\Microsoft\SystemCertificates path in registry

ITMS 8.x

Symantec Management Agent periodically checking that certificates it uses are presented and not corrupted. These include root, intermediate and private certificates.

There were cases where our  certificates were accidentally removed by 3rdparty software.

The default period is 3 hours although the certificates can be occasionally validated at different times as well.

Agent service is not writing into these registry keys directly, but rather calls Windows to validate the certificates.