
How to simulate a Tamper Protection event?

Created: 08 Feb 2013 | 6 comments
saturnnights's picture

I'd like to simulate an event that looks like a Tamper Protection event - just to test that my alert is working.  What is a simple, safe thing that I can do to trigger such an alert?

 

Many thanks,
Mark

6 Comments

Brian81's picture

Try to kill a SEP process

ccSvcHst.exe

Smc.exe

Make sure you have logging turned on and check your Tamper Protection log after you do it.

As long as you have tamper protection turned on, you will simply get an error message along the lines of "Access Denied"

+2
SebastianZ's picture

Other test - you can try enabling sylink logging - it is done through the registry:

http://www.symantec.com/business/support/index?pag...

- with tamper protection enabled you won't be able to change the registry keys.

+2
Mick2009's picture

Here are a couple articles that may help explain Tamper Protection and how to test it:

 

HOW TO change the LiveUpdate source of an unmanaged Windows Symantec Endpoint Protection 12.1 Client
http://www.symantec.com/docs/TECH166129 
 

About Tamper Protection
http://www.symantec.com/docs/HOWTO55267 

 

With thanks and best regards,

Mick

+2
Mithun Sanghavi's picture

Hello,

Another Test you could perform is to change the sylink.xml in SEP 12.1. Without stopping the Tamper protection try changing the sylink.xml file.

Check this Article:

How to change the sylink.xml file in Symantec Endpoint Protection (SEP) 12.1

http://www.symantec.com/docs/TECH157585

It is possible to manually replace the sylink.xml file, however in order to do so Tamper Protection must first be disabled. 

This can be done on the client by going to Change Settings > Click Configure Settings under Client Management > Tamper Protection (Tab) > Then uncheck the box that says "Protect Symantec security software from being tampered with or shut down".

Once tamper protection is disabled:

  1. Stop the SMC service by going to Start > Run > type in > smc -stop.
  2. Once the service is stopped copy the sylink.xml file from the new SEPM and on the client side put that sylink.xml file under

      "\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<current_install_build_number>\Data\Config"

For Windows 7/2008/vista :

C:\Users\All Users\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config

  3. Replace the existing file and restart the SMC service with Start > Run > smc -start

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

0
Rafeeq's picture

Simple step

open cmd prompt

taskkill /f /im ccSvcHst.exe

 

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

0
Login to vote
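The process-kill test suggested by Brian81 and Rafeeq, written as a repeatable check that records a timestamp for each attempt so it can be matched against the Tamper Protection log and the alert. This is an added example, not code from any poster or from Symantec; the process names are the ones given in the thread, and the outcome labels and the two-second wait are assumptions of the example.

```powershell
# Added example. Run on a test client with Tamper Protection and its logging enabled.
# Process names come from the thread (ccSvcHst.exe, Smc.exe); everything else is illustrative.
$targets = 'ccSvcHst', 'Smc'

$results = foreach ($name in $targets) {
    $procs = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) {
        # Nothing to test against: the client may not be installed or running.
        [pscustomobject]@{ Time = Get-Date -Format o; Process = $name; Id = $null
                           Outcome = 'NotRunning'; Detail = 'process not found' }
        continue
    }
    foreach ($p in $procs) {
        $attemptTime = Get-Date -Format o   # use this to find the matching log entry
        $detail = ''
        try {
            # Equivalent of "taskkill /f"; -ErrorAction Stop turns the denial into a catchable error.
            Stop-Process -Id $p.Id -Force -ErrorAction Stop
        } catch {
            $detail = $_.Exception.Message  # expected to be an access-denied message
        }
        Start-Sleep -Seconds 2              # assumption: short wait before re-checking
        # Confirm the same PID is still the same process (guards against PID reuse).
        $alive = [bool](Get-Process -Id $p.Id -ErrorAction SilentlyContinue |
                        Where-Object { $_.ProcessName -eq $name })
        $outcome = if ($alive) { 'Blocked' } else { 'Terminated' }
        [pscustomobject]@{ Time = $attemptTime; Process = $name; Id = $p.Id
                           Outcome = $outcome; Detail = $detail }
    }
}

# One row per attempt: 'Blocked' rows should each have a Tamper Protection log entry
# and an alert near the recorded Time; 'Terminated' means the process was not protected.
$results | Format-Table -AutoSize
```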
saturnnights's picture

Thanks everyone for your input!  I really appreciate it  :-)

 

Mark

+1