I tihink this is normal / ok.
The access protection rule Prevent Termination of McAfee Processes is triggered during the log in, log off, shut down, and locking processes. The splunkd process is accessing and enumerating the running processes with a permission set that allows it to terminate processes, though it might not actually be attempting to terminate processes.
You can add the splunkd process to exclusions in the VSE policies (Access Protection policies)
Just make sure you check this with Splunk support first.
... View more