Video Screencast Help

Excessive Tamper Alerts

Created: 07 Nov 2012 • Updated: 07 Nov 2012 | 4 comments

We are sill searching for a solution for our Excessive Tamper Alerts.

Per article TECH171057 this should have been fixed with the latest update. We have performed the update and have created the exception in our policy. However, the system in question is still getting excessive tamper alerts.

I see there is an option to turn off the notifications, but I was looking for a solution rather than a band aid for this particular situation. I've contacted the vendor for the software we are getting the alert for and they have referred us to setting up an exclusion policy.

I've been unable to locate any other suggestions or fixes online and was hoping you may be able to shed some light on this.



Comments 4 CommentsJump to latest comment

ᗺrian's picture

So you've added the exception for all clients affected and it's still not working?

If it is truly a bug and the latest release doesn't fix it, than I would call support.

I'm curious if as a test you completely uninstalled/reinstalled the latest version on one affected client to see what the result is. Perhaps it is an upgrade type bug which does not affect a clean install.

Other than adding an exception, turning off the notification, or disabling tamper protection, I don't know that there is much else that can be done. Especially if it still a bug in the latest release. Support would need to rectify.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mazakoptech's picture

Hi Brian,

Thank you for the response.

Yes, I added the exception in our policy. It appears only one system is affected with this issue. I have not had the chance to uninstall/reinstall as this user travels a lot. When back in the office I will try the uninstall.reinstall option.


Rafeeq's picture

i belive its a classroom software, check if there any update for it..

sandra.g's picture

Your screen shot says 12.1.1000 (which is RU1), but the KB article you reference says it was fixed with 12.1.1101 ("This problem is fixed in Symantec Endpoint Protection 12 Release Update 1 Maintenance Patch 1 (12.1 RU1-MP1).")... Was the client restarted after the upgrade?


Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!