Endpoint Protection

 View Only

  • 1.  Registry setting for Tamper Protect in SAV 10.2.2.2000

    Posted Sep 29, 2009 10:17 AM
    All, hope someone can help.

    I have disabled Tamper Protection from the server console and applied it to all clients.  Unfortunately, for whatever reason, not all clients received the instructions to disable tamper protect.

    I was wondering of someone out there knew the registry setting for tamper protect (both Win XP and Vista, 32 bit and 64 bit)?

    Now, before you start hammering me with "You shouldn't turn off tamper protect", I do understand why it shouldn't be turned off.  I understand the risks and consequences of doing so.

    In my defense, the reason it needs to be turned off is due to another security application that is being installed will not install properly while the SAV tamper protect is enabled.  Turning off tamper protect allows the security app to be installed fully.

    I'm just looking to be able to remotely turn off the tamper protect via the registry or via a batch file that I can push to onesie, twosie systems as I come across them.

    By the way, the security app that's being delivered will also provide tamper protection as well as log all changes made to applications, registry, etc.  I then get a report anytime something is altered outside of normal daily operations.

    Any help anyone could provide would be appreciated.

    Thanks.


  • 2.  RE: Registry setting for Tamper Protect in SAV 10.2.2.2000

    Posted Sep 29, 2009 10:49 AM
    Greetings,

    I am not aware of a registry key to disable this as its a driver that is loaded. You can remove the driver though I cannot recommend doing this as I am unsure what may happen, would be a good idea to do this on a test machine first:

    -Right click on My Computer and select Manage
    -On "Computer Management (local)",  click Device Manager.
    -With Device Manager selected, click on View and select Show hidden devices. It will display Non-Plug and Play Drivers.
    -Right click on SPBBCDrv and select Disable.
    -Close the window.
    -Reboot the computer for the change to take affect.


  • 3.  RE: Registry setting for Tamper Protect in SAV 10.2.2.2000
    Best Answer

    Posted Sep 29, 2009 10:52 AM
    You can check this key


    HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\SymProtect\RealTimeScan

    on the right hand side you will get a key called Disabled -- if is 1 then Tamper is disbaled.
    if its 0 its enabled.

    You will also have a value for Disabled-L ( meaning Logging disabled)

    let me know if this was helpful. :)



  • 4.  RE: Registry setting for Tamper Protect in SAV 10.2.2.2000

    Posted Sep 29, 2009 12:28 PM
    Rafeeq,
    THANK YOU, I have been searching for this for about a week and a half and you have answered my question.

    This works FANTASTIC.

    Appreciate the quick response.


  • 5.  RE: Registry setting for Tamper Protect in SAV 10.2.2.2000

    Posted Sep 29, 2009 12:35 PM
    Nice catch Rafeeq, this was listed in our internal only document.

    In any case I'm glad to see it works!