Dont know why or what keeps causing this to trigger. Should it be denied or allowed?

The Process 'C:\WINDOWS\SYSTEM32\cmd.exe' (user) attemped to access 'C:\WINDOWS\SYSTEM32\drivers\etc\services'. The attempted access was a write (operation = OPEN/ WRITE).

The user was queried and a 'Yes' response was received.