System access point violations

When a system access point is violated, the action taken depends on how the rule was configured.

If the rule was configured to:

  • Report — Information is recorded in the log file.

  • Block — Access is denied.

Review the log file to determine which system access points were violated and which rules detected the violations, then configure the access protection rules to allow users access to legitimate items and prevent users from accessing protected items.

Use these scenarios to decide which action to take as a response.


Detection type: Unwanted processes

Scenarios:

  • If the rule reported the violation in the log file, but did not block the violation, select the Block option for the rule.
  • If the rule blocked the violation, but did not report the violation in the log file, select the Report option for the rule.
  • If the rule blocked the violation and reported it in the log file, no action is necessary.
  • If you find an unwanted process that was not detected, edit the rule to include it as blocked.

Detection type: Legitimate processes

Scenarios:

  • If the rule reported the violation in the log file, but did not block the violation, deselect the Report option for the rule.
  • If the rule blocked the violation and reported it in the log file, edit the rule to exclude the legitimate process from being blocked.
