Create a tamper protection exception for NNtask.exe and NNlive.exe.
Title: 'How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged.'
Document ID: 2009022412404548
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009022412404548?Open&seg=ent
In order for the following process to work you must have alerts already generated.
1. Click Monitors
2. Click the Logs tab
3. For Log type, choose Application & Device Control
4. Click Advanced Settings
5. For Event Type, select Tamper Protection
6. Click View Logs
7. Click a tamper protection event that contains the executable to exclude
8. At the top of the table, in the Action box, choose: Add file to Centralized Exceptions Policy
9. Click Start
10. Check Process File to be added is correct
11. Select the Centralized Exception policy you want to add the new exception to
12. Click OK
13. Click OK at the Message box
14. When client checks in with SEPM it will get new policy based on heartbeat interval.
Note: Default heartbeat is push, the server has a constant connection to the clients.
How to create exclusions and exceptions for: Tamper Protection, Application Control Driver, or Application Control Rules.
Example: Tamper Protection