Ransomware-prompted Once At Encounter And Once In Events Log

Hi Forumers,

I've installed 2016 and activated ransomware. When something it's concerned about occurs, I get a popup alerting me to the potential issue.

I can click on allow and things continue along, apparently, fine.

I find, however, that an entry is created in the log as well for the event and it, too, asks if the operation should be allowed.

Do I have to answer both items to ensure that Ransomware will allow future writes or can I ignore the entries that are showing up in the events logs?

An example of the event log is attached.

If anything, if I've OKed the access on the initial popup, shouldn't the event log actually counter that operation, i.e. if I've said allow, the event log should "revoke" or "remove" in case my allowing it was in error.

That way, I don't have to "double handle" the one event?

Thanks and regards