Changing Tamper Protection settings

Article:HOWTO55266  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55266
Article Type
How To


Subject


Changing Tamper Protection settings

You can enable and disable Tamper Protection and configure the action that it takes when it detects a tampering attempt. You can also configure it to notify users when it detects a tampering attempt.

Tamper Protection settings are configured globally for a selected group.

A best practice when you initially use Symantec Endpoint Protection is to use the action Log the event only while you monitor the logs once a week. When you are comfortable that you see no false positives, then set Tamper Protection to Block it and log the event.

See About Tamper Protection

You can configure a message to appear on clients when Symantec Endpoint Protection detects a tamper attempt. By default, notification messages appear when the software detects a tamper attempt.

The message that you create can contain a mix of text and variables. The variables are populated with the values that identify characteristics of the attack. If you use a variable, you must type it exactly as it appears.

To change Tamper Protection settings

  1. In the console, click Clients.

  2. On the Policies tab, under Settings, click General Settings.

  3. On the Tamper Protection tab, check or uncheck Protect Symantec security software from being tampered with or shut down.

  4. In the list box under Actions to take if an application attempts to tamper with or shut down Symantec security software, select one of the following options:

    • Block it and log the event

    • Log the event only

  5. Check or uncheck Display a notification message when tampering is detected.

  6. Click the lock icon next to options that you do not want users to change.

  7. Click OK.


Legacy ID



v45029869_v59371754


Article URL http://www.symantec.com/docs/HOWTO55266


Terms of use for this information are found in Legal Notices