Determine cause of CodeCave exploit events

We are seeing many CodeCave exploit events with Intercept X EAP clients. We are suspect that a behavioral monitoring application is causing this. How can I determine the cause?

Thanks for helping!

Johan