I am seeing the following message: "The process 'C:\Windows\system32\winlogon.exe (as user NT Authority\System) attempted to modify a Cisco Service Agent resource Cisco process c:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe. The Operation was denied." This firing rule was 699. I have also attached a screenshot of the firing rule details. Has anyone seen this before or have any ideas?
The alert is comming from the agent running on the MC, which appears to have been disabled.