Hello,
We have sophos endpoint protection and exploit protection on over 100 systems.
I am seeing the below message spam event viewers on several systems several times a second which to me sounds like there is a likely performance slowdown due to it.
"The on-access driver was unable to create an impersonation token for file \Device\HarddiskVolume3\Windows\system32\CMD.EXE."
I am wondering if excluding cmd.exe from scans is a bad idea (will this exclude malicious scripts or batches that use cmd.exe?), or if there is another way to resolve this issue?
Thank you for the advice!
Richard
This thread was automatically locked due to age.
