Video Screencast Help

Problems Adding Exception to Tamper Protection

Created: 22 Nov 2011 | 2 comments

 Hi! We recently started using GFI LANguard software on our network to update and check all our workstations everyday. Since we have started using this software I have noticed in workstation event viewer logs that symantec tamper protection is blocking this software. I have attached a word doc and on the first page I have a screen shot of what the event says.

 The problem is that I have logged onto the SEPM Console and clicked on policies and exceptions and added the file path as an exception to tamper protection, but everyday the software is still being blocked? I have a screen shot of what I added to tamper protection on the second page of the word doc attached.

I have contacted Symantec, but they have not been much help. The tech is advising me to disabled tamper protection, which we don't want to do. Can someone look at the screen shots I have provided and tell me if I am doing something wrong? Thanks!

Comments 2 CommentsJump to latest comment

Swapnil khare's picture

Hello Valley ,

It seems the exceptions which you have added has got action as blocked and not Ignore ,kindly check and set the action for you applicaiton added as ignore .

Secondly . Have you tried adding exe insscomm.exe as exception ?

there must be some other dll file related to or might be some subfolders for this applicaiton ? if yes add them and select action as ignore .

If this application is on server machine and launched by user from shortcut then add the path under exception .

http://www.symantec.com/business/support/index?page=content&id=TECH104326

try adding folder for this exe as exception

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kahml's picture

Valley_Girl, your second image shows incorrect use of variables and hard-coded path.

You have to chose between one format or the other.

If you use the hard coded path, the variable should be set to None

In the meanwhile, logging - as suggested by swapnil - is the only option.

I have raised a support issue on this - because even with logging - the events show as errors in the Event viewer.  Tech support says this "is known issue and symantec is working on this'

Which doesn't make me feel so great about a product that was supposed to be bullet-proof...