Symantec Tamper Protection Alert
Created: 13 Jan 2010 | Updated: 21 May 2010 | 4 comments
This issue has been solved. See solution.
Hi all,
I have Symantec Endpoint Protection ver. 11 running in Microsoft Windows Server 2003. Recently I got some error messages from the Windows 's EventViewer as indicated on the attached image files (JPG format).
Any ideal to get all these error messages been solved out? And may I know the rootcause of these type of error messages in more details? Kindly provide more information about these type of error messages if possible.
Hope to hear from you soonest possible.
Thank you & have a great day.
Best regards,
Hendry Khoo
Discussion Filed Under:
Comments 4 Comments • Jump to latest comment
Create tamper protection exception for those two files. If not helps disable tamper protection
Below doc and comment can help you in this
Creating Centralized Exception policies in Symantec Endpoint Protection Manager.
Create a Centralized in
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Create a tamper protection exception for NNtask.exe and NNlive.exe.
Title: 'How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged.'
Document ID: 2009022412404548
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009022412404548?Open&seg=ent
In order for the following process to work you must have alerts already generated.
1. Click Monitors
2. Click the Logs tab
3. For Log type, choose Application & Device Control
4. Click Advanced Settings
5. For Event Type, select Tamper Protection
6. Click View Logs
7. Click a tamper protection event that contains the executable to exclude
8. At the top of the table, in the Action box, choose: Add file to Centralized Exceptions Policy
9. Click Start
10. Check Process File to be added is correct
11. Select the Centralized Exception policy you want to add the new exception to
12. Click OK
13. Click OK at the Message box
14. When client checks in with SEPM it will get new policy based on heartbeat interval.
Note: Default heartbeat is push, the server has a constant connection to the clients.
How to create exclusions and exceptions for: Tamper Protection, Application Control Driver, or Application Control Rules.
Example: Tamper Protection
Prachand MCSE-2012 Symantec Technical Specialist (SCTS)
I have a similar problem. But, I don't see any tamper protection logs in monitor page. Is there any settings for logs to appear here? Alternatey how do I set exceptions manually? Should I set it for target file or for Actor process?
Pls create a separate thread for your problem.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Would you like to reply?
Login or Register to post your comment.