Anyone seeing Flash Scans kicked off by Cisco AMP killing legit processes, like chrome.exe, excel.exe lsass.exe, spoolsv.exe, etc? Showing up in Events as an Exploit Prevented? This has only crept up for us today, and is maybe related to the 7.0.5.11403 version (testing on IT computers, other computers with the old 6.x version do not appear to be having an issue).
I do have Exploit Prevention turned on in my Policy, but it's been turned on for a while without any issues.