Logs show it continues to access or modify my Norton, so I have the same issue, a long and roughly written experience below
Originally I was using Windows Defender, and I kept noticing my offline scan was disabled. Whenever this occurs it's a 99% chance of malware/rootkit.
I ended up wiping my PC a few times to still find, the offline scan would disable after a time. Upon looking in the logs, I found that my offline scan was being disabled in the registry. (I didn't put any old files on the computer)
I found the string that was changed, so I attempted to turn windows defender back on by changing the service to a 1, it said I need admin (which I had)
I installed Norton, without wiping the PC, when windows defender didn't work. I wasn't able to fully do an offline scan with Norton either, it would always end in an error; it also kept saying something was on the PC, but it would crash and not be able to erase / quarantine it
Fast forward to now, I wiped my PC today, fresh install of Norton, and rtkaudservice64.exe was attempting to access Norton, so I disabled the service, and completely deleted it from my PC
Now I have no issues, this is really strange from a signed driver
@redcon1 did disabling the service & removing it from the PC have any effect on your audio driver? Apparently my Norton has been giving the same error too lately! I noticed it today when the machine just froze & i had to press the power button for a while until it restarted!
redcon1
1 Message
0
May 31st, 2019 19:00
I have the exact same issue occurring.
File - rtkaudservice64.exe
Signed by Microsoft, listed safe with Norton
Logs show it continues to access or modify my Norton, so I have the same issue, a long and roughly written experience below
Originally I was using Windows Defender, and I kept noticing my offline scan was disabled. Whenever this occurs it's a 99% chance of malware/rootkit.
I ended up wiping my PC a few times to still find, the offline scan would disable after a time. Upon looking in the logs, I found that my offline scan was being disabled in the registry. (I didn't put any old files on the computer)
I found the string that was changed, so I attempted to turn windows defender back on by changing the service to a 1, it said I need admin (which I had)
I installed Norton, without wiping the PC, when windows defender didn't work. I wasn't able to fully do an offline scan with Norton either, it would always end in an error; it also kept saying something was on the PC, but it would crash and not be able to erase / quarantine it
Fast forward to now, I wiped my PC today, fresh install of Norton, and rtkaudservice64.exe was attempting to access Norton, so I disabled the service, and completely deleted it from my PC
Now I have no issues, this is really strange from a signed driver
This was an extremely rushed explanation
alpinsava
2 Intern
•
13 Posts
0
September 19th, 2019 05:00
Hamberfim
1 Message
0
November 21st, 2019 07:00
Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
11/21/2019 9:12:25 AM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,11/21/2019 9:12:25 AM,C:\WINDOWS\SYSTEM32\RTKAUDUSERVICE64.EXE,4576,C:\Program Files\Norton Security\Engine\22.19.8.65\NortonSecurity.exe,4416,Access Process Data,Unauthorized access blocked
Having the same issue. At times it will lock up the system and I will have to do a forced restart.
I scanned the file itself.
Scan Targets: C:\Windows\System32\RtkAudUService64.exe
Counts:
Total items scanned: 1
- Files & Directories: 1
- Registry Entries: 0
- Processes & Startup Items: 0
- Network & Browser Items: 0
- Other: 0
- Trusted Files: 1
- Skipped Files: 0
Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0
Is deleting the file an option or does that just create a new problem with the system audio?