EPP for Server Premium behavior
I'm writing about an issue we had a few days ago.
Context: Windows Server 2016 with WithSecure Elements EPP for Servers Premium. DataGuard is active on every user's main folders (no domain) and on 3 data folders. All of a sudden, after DataGuard detected a suspicious application (a known application and a known alert that was reported before without any further issues), the whole system crashed and the agent locked almost every single file, system file, and system setting. Everything on that server was locked by WithSecure, making it unusable. The only thing I could do to unlock it was to completely remove anything related to WithSecure from Windows Safe Mode.
What I'd like to understand is whether this is normal behavior for EPP, and whether it means that malware was trying to attack and, to protect data, EPP "locked down" everything, or not. What else could have been the trigger?
Attached is the Event Viewer log that shows the exact moment from which everything started.