How to disable Tamper Protection in Symantec Endpoint Protection 12.1

Article:TECH192023  |  Created: 2012-06-29  |  Updated: 2014-03-27  |  Article URL http://www.symantec.com/docs/TECH192023
Article Type
Technical Solution


Issue



Tamper Protection is a feature of Symantec Endpoint Protection 12.1 (SEP) which prevents non-Symantec software from modifying SEP processes, files, folders, and Registry entries.

It is sometimes necessary to disable Tamper Protection if, for example, you need to modify a SEP Registry value. This document explains how to disable Tamper Protection from within the SEP client GUI and from within the Symantec Endpoint Protection Manager (SEPM) console.


Solution



How to disable Tamper Protection within the SEP client GUI:

Note: This option is best if you only need to disable Tamper Protection on a small number of clients. If you need to disable Tamper Protection for a large number of clients, please see the steps below for changing this setting within the SEPM.

  1. Open SEP
  2. Click Change Settings
  3. Click Configure Settings (next to Client Management)
  4. Click the Tamper Protection tab
  5. Perform one of the following actions:
    1. Uncheck Protection Symantec security software from being tampered with or shut down. This disables Tamper Protection.
    2. Change the dropdown menu to Log only.  Note: This setting leaves Tamper Protection enabled, however, Tamper Protection will no longer block attempts to modify SEP's files, folders, processes, and Registry values.
  6. Click OK. Tamper Protection is now disabled for this SEP client.

 

How to disable Tamper Protection within the Symantec Endpoint Protection Manager (SEPM) Enterprise Edition console:

Note: This option is best if you need to disable Tamper Protection for a large number of clients.

  1. Open the SEPM console
  2. Click Clients
  3. Select the client-group you want to modify
  4. Click the Policies tab
  5. Click General Settings
  6. Click the Tamper Protection tab
  7. Perform one of the following actions:
    1. Uncheck Protection Symantec security software from being tampered with or shut down. This disables Tamper Protection.
    2. Change the dropdown menu to Log only.  Note: This setting leaves Tamper Protection enabled, however, Tamper Protection will no longer block attempts to modify SEP's files, folders, processes, and Registry values.
  8. Click OK. Tamper Protection will be disabled for clients within this client-group and clients within client-groups which inherit policies from this group as soon as they receive the updated policy from the SEPM.

 

How to disable Tamper Protection within the Symantec Endpoint Protection Manager (SEPM) Small Business Edition console:

Note: This option is best if you need to disable Tamper Protection for a large number of clients.

  1. Open the SEPM SBE console
  2. Click Computers
  3. Select the client-group you want to modify
  4. Click the Policies tab
  5. Click Edit Settings next to Tamper Protection and Submissions
  6. Perform one of the following actions:
    1. Uncheck Protection Symantec security software from being tampered with or shut down. This disables Tamper Protection.
    2. Change the dropdown menu to Log only.  Note: This setting leaves Tamper Protection enabled, however, Tamper Protection will no longer block attempts to modify SEP's files, folders, processes, and Registry values.
  7. Click OK. Tamper Protection will be disabled for clients within this client-group and clients within client-groups which inherit policies from this group as soon as they receive the updated policy from the SEPM.



Article URL http://www.symantec.com/docs/TECH192023


Terms of use for this information are found in Legal Notices