We are using Cisco's Security Agent as a host based IPS in our network. It works via a set of rules, much like anything else. I have scoured every website, talked to Cisco's TAC and this is my last resort.
Why.. is.. the file "wuauclt.exe" trying to access users PST files. The outlook PST files are in different locations on different machines. I have verified that the wuauclt.exe file is the legitimate one from Microsoft. What EXACTLY is this file doing, and why is it looking into PST files. See below for a few of the messages that I get from CSA.
The process 'C:\WINDOWS\system32\wuauclt.exe' (as user NT AUTHORITY\SYSTEM) attempted to access 'C:\EXCHANGE\MAYO2006.PST'. The attempted access was a read (operation = OPEN/READ). The operation was denied and process terminated.
The process 'C:\WINDOWS\system32\wuauclt.exe' (as user NT AUTHORITY\SYSTEM) attempted to access 'C:\DOCUMENTS AND SETTINGS\CARLSON\EXCHANGE\CARLSON2006.PST'. The attempted access was a read (operation = OPEN/READ). The operation was denied and process terminated.
