Endpoint Protection

 View Only

  • 1.  Question on Process Being Blocked

    Posted Apr 18, 2010 12:51 AM
    I have a lot machines reporting back that a process called LVPrcSrv.exe which is the caller process is trying to change an Altiris process?  Can someone verify for me this is what I am reading?  When I look up that process it has something to do with Logitech cams.  This is showing up on a lot of our systems.

    Domain name: Dysart Site name: DISTRICT API:   Action: Block Test mode: No Windows domain:   User SYSTEM Server name: DSTSEPM01 Group name: My Company\Sites\CSES\CSES\Laptops\E3 Laptops Computer Name   Current: CSESCNU7301R79 When event occurred: CSESCNU7301R79   Event type: Tamper Protection Event time: 04/17/2010 09:01:22 Severity: Minor Begin time: 04/17/2010 09:01:22 End time: 04/17/2010 09:01:22 Rule name:   Alert: Yes Send SNMP trap:   Caller Process ID: 540 Caller Process Name: C:/Program Files/Common Files/LogiShrd/LVMVFM/LVPrcSrv.exe Target: C:/Program Files/Altiris/Altiris Agent/AeXAgentUIHost.exe User name: SYSTEM Description: "C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe"




     


  • 2.  RE: Question on Process Being Blocked

    Posted Apr 18, 2010 01:59 AM
    Yes the process is for logitech

    lvprcsrv.exe is a process installed alongside Logitech QuickCam and provides additional configuration options for these devices. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems.\r"

    But I have seen instance where  LVPrcSrv.exe  was trying to attcak smc.exe and Tamper protection alerts were getting generated.

    Either you can create Tamper Protection exception for that or submitt the file and Security Response and let see waht they have to say for that


  • 3.  RE: Question on Process Being Blocked

    Posted Apr 18, 2010 12:11 PM

    If you do not end calling support to have it possibly excluded that way, you can set up an exception for that file



  • 4.  RE: Question on Process Being Blocked
    Best Answer

    Posted Apr 18, 2010 04:24 PM
    Tamper Protection has few false positives with these..you can configure Tamper Protection Exception for this file




    How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged.
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009022412404548




    How to configure Tamper Protection in Symantec Endpoint Protection 11.0

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092616550248


  • 5.  RE: Question on Process Being Blocked

    Posted Apr 20, 2010 01:34 PM
    Thanks, Exceptions are a good answer but just was worried that process was running on a lot of our systems and trying to change something on the Altiris client.  If it is a safe process then I will put an exception to ignore it. 

    Thanks.