I apologize, I knew it was tamper protection, just names it against the warning in the email. It is not a warning as it is an informative email. I was just curious if this is the only option, to make an exception.
After doing some digging, I noticed a few others that call this email.
When one of our developers runs Visual Studio, it throws up this application control event:
| Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 08/22/2011 08:49:44 | Tamper Protection | Major | 1 | XXXX.com | AV1 | My Company\Computers From AD\Computers | CD101224 | 10.0.10.14 | Windows 7 | dbrown | | Allow | C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\DEVENV.EXE | C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe | "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe" |
| 08/22/2011 08:49:44 | Tamper Protection | Major | 1 | XXXX.com | AV1 | My Company\Computers From AD\Computers | CD101224 | 10.0.10.14 | Windows 7 | dbrown | | Allow | C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\DEVENV.EXE | C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe | "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe" |
| 08/22/2011 08:49:44 | Tamper Protection | Major | 1 | XXXX.com | AV1 | My Company\Computers From AD\Computers | CD101224 | 10.0.10.14 | Windows 7 | dbrown | | Allow | C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\DEVENV.EXE | C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe | "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe" |
And one of our conference machines will throw up an application control event which looks like a reference to IE:
| Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 08/23/2011 03:02:33 | Tamper Protection | Major | 1 | XXXXcom | AV1 | My Company\Computers From AD\Service Computers | CD101211 | 10.0.12.21 | Windows 7 | SYSTEM | | Allow | C:\WINDOWS\TEMP\IE984F4.TMP\IE9-SUPPORT\IENRCORE.EXE | C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe | "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe" |
| 08/23/2011 03:02:33 | Tamper Protection | Major | 1 | XXXX.com | AV1 | My Company\Computers From AD\Service Computers | CD101211 | 10.0.12.21 | Windows 7 | SYSTEM | | Allow | C:\WINDOWS\TEMP\IE984F4.TMP\IE9-SUPPORT\IENRCORE.EXE | C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe | "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe" |
Again, just trying to understand what is causing this email and if I can remedy this other than an exception on the SEP manager.
Thanks for the previous answers and thanks in advance.