Endpoint Protection Small Business Edition

  • 1.  SEP 12.1 - Tamper alert warning - no reason?

    Posted Jul 11, 2011 07:16 PM

    I use a password storage app called Roboform.

    In the past few days, SEP (12.1 Beta) has started bringing up Tamper warnings about the app.

    No issues when I had SEP 11 (SBS ed) running - and an earlier version of SEP 12 did not flag any problems.

    Any clues?

    Message:

    SYMANTEC TAMPER PROTECTION ALERT

     

    Target:  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SmcGui.exe

    Event Info:  Create Process

    Action Taken:  Blocked

    Actor Process:  C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE (PID 3352)

    Time:  Tuesday, 12 July 2011  9:10:20 AM



  • 2.  RE: SEP 12.1 - Tamper alert warning - no reason?

    Posted Jul 12, 2011 07:43 AM

    Good to create an exclusion; I don't know why they are fighting each other :)

    All password retrieval software will be flagged by SEP.

    This is explicitly specified in the release notes:

    Tamper Protection may be triggered by third-party software
    Some third-party software may make changes that inadvertently attempt to
    modify Symantec components. The result is that Tamper Protection displays
    notifications about these actions.
    To work around this issue, ensure that the application is safe, and then create an
    exception for it in your Exceptions policies. You should also contact Symantec
    directly and send in your Control log.
    You should also send your Tamper Protection log events (which appear in the
    Control log) to Symantec. Contact Technical Support for instructions on how to
    upload the log.
    [2319187]
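
The alert in the first post has a fixed field layout, so a batch of pasted alerts can be tallied by actor process to see which programs need vetting before an exception is created. This is an added example, not part of the thread and not Symantec tooling; the function names are hypothetical, and the second alert in the sample (PID 4120 and its time) is constructed.

```python
import re
from collections import Counter
from ntpath import normcase  # Windows path rules, usable on any OS

# Sample input: first alert copied from the post above; the second
# (PID 4120, 9:25:02 AM) is constructed to show case-insensitive grouping.
SAMPLE = r"""
SYMANTEC TAMPER PROTECTION ALERT
Target:  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SmcGui.exe
Event Info:  Create Process
Action Taken:  Blocked
Actor Process:  C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE (PID 3352)
Time:  Tuesday, 12 July 2011  9:10:20 AM

SYMANTEC TAMPER PROTECTION ALERT
Target:  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.601.4699.105\Bin64\SmcGui.exe
Event Info:  Create Process
Action Taken:  Blocked
Actor Process:  C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (PID 4120)
Time:  Tuesday, 12 July 2011  9:25:02 AM
"""
HEADER = "SYMANTEC TAMPER PROTECTION ALERT"
FIELD = re.compile(r"^\s*(Target|Event Info|Action Taken|Actor Process|Time):\s*(.*?)\s*$")
ACTOR = re.compile(r"^(?P<path>.+?)\s+\(PID (?P<pid>\d+)\)$")

def parse_alerts(text):
    """Split pasted alert text into one dict of fields per alert."""
    alerts = []
    for chunk in text.split(HEADER)[1:]:
        alert = {}
        for line in chunk.splitlines():
            m = FIELD.match(line)
            if m:
                alert[m.group(1)] = m.group(2)
        a = ACTOR.match(alert.get("Actor Process", ""))
        if a:
            # The same executable can appear in upper or mixed case.
            alert["Actor Path"] = normcase(a.group("path"))
            alert["PID"] = int(a.group("pid"))
        alerts.append(alert)
    return alerts

def blocked_by_actor(alerts):
    """Count blocked events per actor executable (candidates to vet)."""
    return Counter(a["Actor Path"] for a in alerts
                   if a.get("Action Taken") == "Blocked" and "Actor Path" in a)

if __name__ == "__main__":
    for path, n in blocked_by_actor(parse_alerts(SAMPLE)).most_common():
        print(n, path)
```
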


  • 3.  RE: SEP 12.1 - Tamper alert warning - no reason?

    Posted Jul 12, 2011 10:16 AM

    Are you positive that application can be trusted? The domain that provides the Roboform application is identified in this ThreatExpert Submission summary as a possible security risk.

    http://www.threatexpert.com/report.aspx?md5=202b20423f2ceb42a93c7754e805ee12



  • 4.  RE: SEP 12.1 - Tamper alert warning - no reason?

    Posted Jul 12, 2011 04:23 PM

    Yes, it is looking at the Siber Systems URL; a feature of the pro version is it does periodic syncs with an online backup of the password database...