How to disable tamper protection when SMC is not running
Created: 07 Feb 2013 | Updated: 07 Feb 2013 | 22 comments
Hi,
How can I disable tamper protection on a server running SEP12.1, when SMC can't be started??
Discussion Filed Under:
Comments 22 Comments • Jump to latest comment
hi,
Please check with this..
http://www.symantec.com/business/support/index?pag...
Thank& Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.
If SMC is not running there is now system tray icon
Not sure if you can since smc is stopped...can you try to start? Will it not start?
SEP Knowledge Base
Endpoint SWAT
it will not start, that's the real problem
HI,
Can you explain me "SMC can't be started??"
If your Symantec service are not running so why do you want to disable tamper protection ?
you can try to remove antivirus add/remove program or try to repair sep client.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Yes, Ashish is right.
If your symantec services are not running then why do you want to disable tamper protection.
And please let me know which services are not getting start
Thank& Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.
Not sure you can do it - usually the way you do it is either from SEP console or through SEPM assigned policy - to both you need the SMC to run.
Did you reboot the machine?
SEP Knowledge Base
Endpoint SWAT
The problem is that when I run a repair it fails with a fatal error and I can remove it becuase I'm not allows to reboot the server until 3 weeks.
I was trying to enable debug, to see why SMC is not starting but tamper protection will not allow me to change the registry
Hi,
You can attempt to repair with original SEP setup file.
You can try to run SST on affected machine to collect the logs.
Check event viewer also.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
HI,
try to run Clean wipe and uninstall sep client
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hello,
Any particular reason you want to disable the Tamper protection for??
If I would have been your case, I would have been more interested in finding out - why the SMC services are not running as it's directly concerns the security of the machine than disabling the Tamper protection.
However, you may uninstall the SEP client and Reinstall the SEP client again which may resolve the issue.
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
If you read my comment, I will not be allows to reboot the server until 3 week. That why I'm trying to solve it without reinstall (that request a reboot).
but how can I found out the reason SMC service is not starting, if I can't start the debug.
Ok...
You can't restart system until 3 weeks but why you want to disable tampar protection ?
If you want to disable Tamper Protection try to change registry entry ..
Start > Run > regedit
Click OK
Browse to:
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\SymProtect\RealTimeScan\Disabled
By default, Tamper protection is enabled and ON.
This will be shown as Disabled REG_DWORD 0x00000000 (0)
Disabled = 0
For disabling Tamper protection (OFF), edit the registry value and set it to 1
This will be shown as Disabled REG_DWORD 0x00000000 (1)
Disabled = 1
Steps to change this registry value:
Right-click [Disabled] and select Modify
Change Value data from 0 to 1
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
You can't do this if tamper protection is enabled.
SEP Knowledge Base
Endpoint SWAT
ohh yaa brian thanks for point me thanks a ton..
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
I believe with 12.1, tamper protection now also applies to registry keys as well so it makes this a little tougher to disable per your steps above. With 11.x this would've worked
SEP Knowledge Base
Endpoint SWAT
Open a cmd prompt and try:
taskkill /F /IM smc.exe (it may give access denied but at least try)
If the above works, in the cmd window type net start "Symantec Management Client"
SEP Knowledge Base
Endpoint SWAT
If you want to disable or remove Tamper Protection go to
Device Manager- view- Show HIdden Devices- Non Plug n Play devices -
Looks for SPBBBCDrv (thats Tamper Protection)(
right click disable or un-install it.
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
sorry can't find SPBBBCDrv
HI,
We have almost try all of think you can remove antivirus and reinstall again only last hope..
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Have you checked the event log for errors? I have found this helps.
Howie
Would you like to reply?
Login or Register to post your comment.