When you change the
edb.log file, it results in the following being recorded in the
s3diag.log and
Solidcore.log files:
<WRITE_DENIED file_name="C:\WINDOWS\Security\Database\edb.log" pid="976" process_name="c:\windows\system32\services.exe" ppid="896" parent_process_name="c:\windows\system32\wininit.exe" event_time="1534227106927" event_time_utc="Aug 14 2018:06:11:46" is_system_file="false" deny_reason="File-solidified" user_name="NT Authority\System" />
U.3304.3704: Aug 15 2018:10:19:41.654: ERROR: evt.c : 1256: McAfee Solidifier prevented an attempt to modify file 'C:\WINDOWS\Security\Database\edb.log' by process/script C:\Windows\System32\services.exe (sha1: 3dc7889dd4fce098f026876e75131839c6918a32, md5: 8207db785c4a1a8c901154d12df6e38e) (Process Id: 984, User: NT AUTHORITY\SYSTEM).