Endpoint Protection Small Business Edition

 View Only

  • 1.  Problems Adding Exception to Tamper Protection

    Posted Nov 22, 2011 10:01 AM
      |   view attached

     Hi! We recently started using GFI LANguard software on our network to update and check all our workstations everyday. Since we have started using this software I have noticed in workstation event viewer logs that symantec tamper protection is blocking this software. I have attached a word doc and on the first page I have a screen shot of what the event says.

     The problem is that I have logged onto the SEPM Console and clicked on policies and exceptions and added the file path as an exception to tamper protection, but everyday the software is still being blocked? I have a screen shot of what I added to tamper protection on the second page of the word doc attached.

    I have contacted Symantec, but they have not been much help. The tech is advising me to disabled tamper protection, which we don't want to do. Can someone look at the screen shots I have provided and tell me if I am doing something wrong? Thanks!

    Attachment(s)

    docx
    Tamper Protection Blocking Software.docx   63 KB 1 version


  • 2.  RE: Problems Adding Exception to Tamper Protection

    Posted Nov 22, 2011 10:09 AM

    Hello Valley ,

    It seems the exceptions which you have added has got action as blocked and not Ignore ,kindly check and set the action for you applicaiton added as ignore .

    Secondly . Have you tried adding exe insscomm.exe as exception ?

    there must be some other dll file related to or might be some subfolders for this applicaiton ? if yes add them and select action as ignore .

    If this application is on server machine and launched by user from shortcut then add the path under exception .

    http://www.symantec.com/business/support/index?page=content&id=TECH104326

    try adding folder for this exe as exception



  • 3.  RE: Problems Adding Exception to Tamper Protection

    Posted Nov 22, 2011 11:16 AM

    Valley_Girl, your second image shows incorrect use of variables and hard-coded path.

    You have to chose between one format or the other.

    If you use the hard coded path, the variable should be set to None

    In the meanwhile, logging - as suggested by swapnil - is the only option.

    I have raised a support issue on this - because even with logging - the events show as errors in the Event viewer.  Tech support says this "is known issue and symantec is working on this'

    Which doesn't make me feel so great about a product that was supposed to be bullet-proof...