Endpoint Protection

Hi,

 

How can I disable tamper protection on a server running SEP12.1, when SMC can't be started??

hi,

Please check with this..

http://www.symantec.com/business/support/index?page=content&id=TECH192023

If SMC is not running there is now system tray icon

Not sure if you can since smc is stopped...can you try to start? Will it not start?

it will not start, that's the real problem

HI,

Can you explain me "SMC can't be started??"

If your Symantec service are not running so why do you want to disable tamper protection ?

you can try to remove antivirus add/remove program or try to repair sep client.

 

Yes, Ashish is right.

If your symantec services are not running then why do you want to disable tamper protection.

And please let me know which services are not getting start

Not sure you can do it - usually the way you do it is either from SEP console or through SEPM assigned policy - to both you need the SMC to run.

Did you reboot the machine?

The problem is that when I run a repair it fails with a fatal error and I can remove it becuase I'm not allows to reboot the server until 3 weeks. I was trying to enable debug, to see why SMC is not starting but tamper protection will not allow me to change the registry

Hi,

You can attempt to repair with original SEP setup file.

You can try to run SST on affected machine to collect the logs.

Check event viewer also.

 

HI,

try to run Clean wipe and uninstall sep client

Hello,

Any particular reason you want to disable the Tamper protection for??

If I would have been your case, I would have been more interested in finding out - why the SMC services are not running as it's directly concerns the security of the machine than disabling the Tamper protection.

However, you may uninstall the SEP client and Reinstall the SEP client again which may resolve the issue.

If you read my comment, I will not be allows to reboot the server until 3 week. That why I'm trying to solve it without reinstall (that request a reboot). but how can I found out the reason SMC service is not starting, if I can't start the debug.

Open a cmd prompt and try:

taskkill /F /IM smc.exe (it may give access denied but at least try)

If the above works, in the cmd window type net start "Symantec Management Client"

Ok...

You can't restart system until 3 weeks but why you want to disable tampar protection ?

 

If you want to disable Tamper Protection try to change registry entry ..

 

Start > Run > regedit

Click OK

Browse to:

HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\SymProtect\RealTimeScan\Disabled

By default, Tamper protection is enabled and ON.
This will be shown as Disabled REG_DWORD 0x00000000 (0)
Disabled = 0

For disabling Tamper protection (OFF), edit the registry value and set it to 1
This will be shown as Disabled REG_DWORD 0x00000000 (1)
Disabled = 1

Steps to change this registry value:

Right-click [Disabled] and select Modify
Change Value data from 0 to 1

You can't do this if tamper protection is enabled.

ohh yaa brian thanks for point me thanks a ton..

 

I believe with 12.1, tamper protection now also applies to registry keys as well so it makes this a little tougher to disable per your steps above. With 11.x this would've worked

If you want to disable or remove Tamper Protection go to 

Device Manager- view- Show HIdden Devices- Non Plug n Play devices -

Looks for SPBBBCDrv (thats Tamper Protection)(

right click disable or un-install it.

sorry can't find SPBBBCDrv

HI,

We have almost try all of think you can remove antivirus and reinstall again only last hope..

Have you checked the event log for errors?  I have found this helps.

 

Howie