We've been lately getting these messages in logging:
Protection violation occurred on <Machine name> at <time>.
File integrity check detected a change in c:\kworking\KlogConfig\alertSet.xml. Client copy replaced with a copy from the server.
As per previous instances of this being geenrated it's nothing to worry about:
But I am wondering why is it coming up only just recently? and what can be done to stop the messages?
a hotfix released on 9th July meant to "add the missing trigger that would cause the protection alert" has resulted in sending you emails about file integrity check
A new copy of alertset.xml is placed from server everytime a setting is changed in event log settings and alerts. And for the machine you reported, it currently seems the same. If you check the configuration log you will see the settings being done and that is why a new copy of alertset.xml is pushed to this endpoint. Consequently an email has been sent as an alert. This is most probably because of the new hotfix released.
You will need to untick the below shown option (Monitor - Alerts - Protection Violation -Distributed file changed (...) ) in alerts to not receive emails for this protection violation function for all the machines where it has been set up
When will this be fixed?