Endpoint Protection

 View Only

  • 1.  How to Edit Symantec Registry Keys Server 2003 SP2

    Posted Nov 01, 2012 07:08 PM

    Hello,

    After doing quite a lot of searching, I haven't found any reference to Symantec securing its registry keys or how to get around it for required changes.

    When trying to create a new key value here {HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan} I end up with a message saying "Cannot creat value: Error writing to the registry."  This only seems to happen in the Symantec Keys.  I need to change the registry to resolve a Kernel stack overflow issue that is related to Symantec Endpoint Protection (I'm running v12).

    Details on fix: http://www.symantec.com/docs/TECH99708

    I've already made sure the permissions are set to allow me full access, so I figure Symantec must be restriting access.  Can someone tell me the secret?

    Thanks



  • 2.  RE: How to Edit Symantec Registry Keys Server 2003 SP2

    Posted Nov 01, 2012 08:23 PM

    You need to disable tamper protection. Registry keys are now also protected in 12.1

     

    How to Disable "Tamper Protection" on a SEP 12.1 Client

    http://www.symantec.com/business/support/index?page=content&id=TECH192023



  • 3.  RE: How to Edit Symantec Registry Keys Server 2003 SP2

    Posted Nov 01, 2012 08:24 PM

    its tamper protection which is not allowing you to change the key values or create new keys

    follow this document.

    http://www.symantec.com/business/support/index?page=content&id=TECH102688

    if its grayed out then u have to do it from the console

    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/c291bf8d5d97b5f68025736200576f9d?OpenDocument



  • 4.  RE: How to Edit Symantec Registry Keys Server 2003 SP2

    Posted Nov 02, 2012 01:45 AM

     

    • Tamper Protection can be enabled or disabled in a Group's General settings

      1. In the Symantec Endpoint Protection Manager (SEPM), on the left hand side, click Clients.
      2. On the Policies tab, under Settings, click General Settings.
      3. On the Tamper Protection tab, check (or uncheck) "Protect Symantec security software from being tampered with or shut down".

     

     

    NOTE: You must lock the lock icon in order to change the client settings or the option is still available on the client machines to enable or disable Tamper Protection.

     

    • Tamper Protection can now be configured with exclusions. Or to be more accurate, processes can be excluded from Tamper Protection in the new Centralized Exceptions feature.

      1. In the SEPM, choose the Policies section in the left pane. 
      2. Under View Policies, choose Centralized Exceptions.
      3. Under Tasks, choose "Add a Centralized Exceptions Policy...".