
How to disable tamper protection when SMC is not running

Created: 07 Feb 2013 • Updated: 07 Feb 2013 | 22 comments

Hi,

 

How can I disable tamper protection on a server running SEP12.1, when SMC can't be started?

Ambesh_444's picture

hi,

Please check with this..

http://www.symantec.com/business/support/index?pag...

 

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

.Brian's picture

Not sure if you can since smc is stopped...can you try to start? Will it not start?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

HI,

Can you explain "SMC can't be started"?

If your Symantec services are not running, why do you want to disable tamper protection?

You can try to remove the antivirus via Add/Remove Programs or try to repair the SEP client.

 

Thanks In Advance

Ashish Sharma

 

 

Ambesh_444's picture

Yes, Ashish is right.

If your Symantec services are not running, then why do you want to disable tamper protection?

And please let me know which services are not starting.

 

Thanks & Regards,

Ambesh


SebastianZ's picture

Not sure you can do it - usually the way you do it is either from SEP console or through SEPM assigned policy - to both you need the SMC to run.

.Brian's picture

Did you reboot the machine?


Seorm's picture

The problem is that when I run a repair it fails with a fatal error and I can remove it because I'm not allowed to reboot the server for 3 weeks.

I was trying to enable debug to see why SMC is not starting, but tamper protection will not allow me to change the registry.

Chetan Savade's picture

Hi,

You can attempt to repair with original SEP setup file.

You can try to run SST on affected machine to collect the logs.

Check event viewer also.

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Ashish-Sharma's picture

HI,

Try to run CleanWipe and uninstall the SEP client.

Thanks In Advance

Ashish Sharma

 

 

Mithun Sanghavi's picture

Hello,

Any particular reason you want to disable Tamper Protection?

If I were in your case, I would be more interested in finding out why the SMC services are not running, as it directly concerns the security of the machine, than in disabling Tamper Protection.

However, you may uninstall the SEP client and reinstall it, which may resolve the issue.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Seorm's picture

If you read my comment, I will not be allowed to reboot the server for 3 weeks. That's why I'm trying to solve it without a reinstall (which requires a reboot).

But how can I find out the reason the SMC service is not starting, if I can't start the debug?

Ashish-Sharma's picture

Ok...

You can't restart the system for 3 weeks, but why do you want to disable tamper protection?

If you want to disable Tamper Protection, try to change the registry entry:

 

Start > Run > regedit

Click OK

Browse to:

HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\SymProtect\RealTimeScan\Disabled

By default, Tamper protection is enabled and ON.
This will be shown as Disabled REG_DWORD 0x00000000 (0)
Disabled = 0

For disabling Tamper protection (OFF), edit the registry value and set it to 1
This will be shown as Disabled REG_DWORD 0x00000000 (1)
Disabled = 1

Steps to change this registry value:

Right-click [Disabled] and select Modify
Change Value data from 0 to 1

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

You can't do this if tamper protection is enabled.


Ashish-Sharma's picture

Oh yes, Brian, thanks for pointing that out, thanks a ton.

 

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

I believe with 12.1, tamper protection now also applies to registry keys as well so it makes this a little tougher to disable per your steps above. With 11.x this would've worked.

.Brian's picture

Open a cmd prompt and try:

taskkill /F /IM smc.exe (it may give access denied but at least try)

If the above works, in the cmd window type net start "Symantec Management Client"


Vikram Kumar-SAV to SEP's picture

If you want to disable or remove Tamper Protection, go to

Device Manager > View > Show Hidden Devices > Non-Plug and Play Drivers

Look for SPBBBCDrv (that's Tamper Protection),

right-click and disable or uninstall it.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Ashish-Sharma's picture

HI,

We have tried almost everything; removing the antivirus and reinstalling it is the only last hope.

Thanks In Advance

Ashish Sharma

 

 

hforman's picture

Have you checked the event log for errors?  I have found this helps.

 

Howie
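
The event-log check suggested in the thread, as an added PowerShell example (not posted by any participant and not Symantec tooling): it only reads the state of the service named in the thread's `net start` command and the Service Control Manager events that mention it. The seven-day window and the match on provider names containing "Symantec" are assumptions; it needs PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example: read-only triage of a service that will not start.
# The display name is the one used in the thread's `net start` command.
$displayName  = 'Symantec Management Client'
$lookbackDays = 7   # assumption: widen to cover when the failures began
$since        = (Get-Date).AddDays(-$lookbackDays)

# 1. State, start mode and exit codes as the Service Control Manager records them.
$svc = Get-CimInstance Win32_Service -Filter "DisplayName='$displayName'"
if ($svc) {
    $svc | Format-List Name, DisplayName, State, StartMode, ExitCode,
                       ServiceSpecificExitCode, PathName | Out-Host
} else {
    Write-Warning "No service with display name '$displayName' is registered."
}

# 2. System log: Service Control Manager events that name this service.
#    7000/7001/7009/7011 = start failures and timeouts
#    7023/7024           = service terminated with an error
#    7031/7034           = service terminated unexpectedly
$scmIds = 7000, 7001, 7009, 7011, 7023, 7024, 7031, 7034
$names  = @($displayName)
if ($svc) { $names += $svc.Name }
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = $scmIds
        StartTime    = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, Message -Wrap | Out-Host

# 3. Application log: critical, error and warning events from providers whose
#    name contains "Symantec" (assumption: the product logs under such a name).
Get-WinEvent -FilterHashtable @{
        LogName   = 'Application'
        Level     = 1, 2, 3
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Symantec' } |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, ProviderName, Id, Message -Wrap | Out-Host
```

A non-zero `ExitCode` or `ServiceSpecificExitCode` in step 1, read together with the matching 7023/7024 event text from step 2, usually narrows down why the start fails without changing any protected registry key.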