Endpoint Protection

  • 1.  Symantec Tamper Protection Alert - php-cgi.exe - w3wp.exe - SEPM Upgrade from 11.07 to 11.07MP2

    Posted Oct 11, 2012 03:19 PM

    I was going to upgrade my SEP installation from the 11.04 to 11.07.  Looking over the instructions it stated that the 11.07MP2 was only supported from 11.07 so I upgraded SEPM to 11.07 (the console fired up and worked OK) and then to 11.07MP2.  After the MP2 update I received an "unexpected error" and the event log entry:

    Event Type:    Error
    Event Source:    Symantec AntiVirus
    Event Category:    None
    Event ID:    45
    Date:        10/11/2012
    Time:        1:22:36 PM
    User:        NT AUTHORITY\NETWORK SERVICE
    Computer:    IRIDIUM
    Description:
     

    SYMANTEC TAMPER PROTECTION ALERT

    Target:  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe
    Event Info:  Terminate Process
    Action Taken:  Logged
    Actor Process:  c:\windows\system32\inetsrv\w3wp.exe (PID 5556)
    Time:  Thursday, October 11, 2012  1:22:36 PM

    Looking this up refers me to tech article TECH194821 which states to fix the problem I need to update the tamper protection setting and to open the SEPM console.....ah but that's the catch the very tool I use to update tamper protection is being blocked by tamper protection.  I'm open to suggestions on how to get around this problem short of reinstallation.  Thanks in advance for any suggestion.
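An added example, not part of the original thread: before creating a Tamper Protection exception for alerts like the one quoted above, tabulating which actor process touched which target keeps the exception narrow. The second alert in the sample, the `trusted_actors` allowlist and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: the alert text from the first post, followed by a second alert
# whose actor path, PID and time are constructed for illustration.
SAMPLE = r"""SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe
Event Info:  Terminate Process
Action Taken:  Logged
Actor Process:  c:\windows\system32\inetsrv\w3wp.exe (PID 5556)
Time:  Thursday, October 11, 2012  1:22:36 PM

SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe
Event Info:  Terminate Process
Action Taken:  Logged
Actor Process:  C:\Users\Public\tool.exe (PID 1234)
Time:  Thursday, October 11, 2012  1:25:02 PM
"""

HEADER = "SYMANTEC TAMPER PROTECTION ALERT"
FIELD = re.compile(r"^\s*(Target|Event Info|Action Taken|Actor Process|Time):\s*(.*?)\s*$")
ACTOR = re.compile(r"^(.*?)\s*\(PID (\d+)\)$")

def parse_alerts(text):
    """Return one dict per alert; text before the first header is ignored."""
    alerts = []
    for chunk in text.split(HEADER)[1:]:
        alert = {}
        for line in chunk.splitlines():
            m = FIELD.match(line)
            if m:
                alert[m.group(1)] = m.group(2)
        m = ACTOR.match(alert.get("Actor Process", ""))
        if m:  # separate the image path from the PID
            alert["Actor Process"], alert["PID"] = m.group(1), int(m.group(2))
        alerts.append(alert)
    return alerts

def triage(alerts, trusted_actors):
    """Count (actor, target) pairs, compared case-insensitively like Windows
    paths. Pairs with an actor outside trusted_actors need review first."""
    trusted = {p.lower() for p in trusted_actors}
    pairs = Counter((a["Actor Process"].lower(), a["Target"].lower())
                    for a in alerts if "Actor Process" in a and "Target" in a)
    candidates = {p: n for p, n in pairs.items() if p[0] in trusted}
    review = {p: n for p, n in pairs.items() if p[0] not in trusted}
    return candidates, review
```

Calling `triage(parse_alerts(SAMPLE), [r"C:\Windows\System32\inetsrv\w3wp.exe"])` returns the w3wp.exe pair as an exception candidate and leaves the constructed `tool.exe` pair in the review set.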



  • 2.  RE: Symantec Tamper Protection Alert - php-cgi.exe - w3wp.exe - SEPM Upgrade from 11.07 to 11.07MP2

    Posted Oct 11, 2012 03:25 PM

    You can temporarily disable tamper protection to add an exclusion for the tool.

    Then add an exclusion. See this doc:

    How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

    http://www.symantec.com/business/support/index?page=content&id=TECH92553



  • 3.  RE: Symantec Tamper Protection Alert - php-cgi.exe - w3wp.exe - SEPM Upgrade from 11.07 to 11.07MP2
    Best Answer

    Posted Oct 11, 2012 03:31 PM

    Hi

    Check this:

    Getting Tamper Protection Alert, Event ID: 45 for \Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe. With SEP/ SEPM 11.0 installed

    http://www.symantec.com/docs/TECH194821

     

    Cheers



  • 4.  RE: Symantec Tamper Protection Alert - php-cgi.exe - w3wp.exe - SEPM Upgrade from 11.07 to 11.07MP2

    Posted Oct 11, 2012 05:02 PM

    How do I disable tamper protection not going through the SEPM interface?

    My problem is I can't get to the SEPM interface to disable or create the exception to allow SEPM to run.

    I was hoping there was some other way of disabling TP or creating the exception without going through the SEPM interface.



  • 5.  RE: Symantec Tamper Protection Alert - php-cgi.exe - w3wp.exe - SEPM Upgrade from 11.07 to 11.07MP2

    Posted Oct 11, 2012 05:40 PM

    Open the client interface and click Change Settings

    Client Management

    Tamper Protection tab

    Uncheck it and close the GUI. Should now be disabled.



  • 6.  RE: Symantec Tamper Protection Alert - php-cgi.exe - w3wp.exe - SEPM Upgrade from 11.07 to 11.07MP2

    Posted Oct 11, 2012 06:11 PM

    OK, I'm stupid, I disabled the "tamper protection" via the SEP interface not the SEPM interface which then allowed me to add the exception and get to the SEPM console like before.  I don't think I've ever had to work with the Tamper Protection in the 5 years I've used SEP 11.....live and learn.  Thanks again for the suggestions and good ideas.



  • 7.  RE: Symantec Tamper Protection Alert - php-cgi.exe - w3wp.exe - SEPM Upgrade from 11.07 to 11.07MP2

    Posted Oct 11, 2012 06:53 PM

    Glad it's working, please don't forget to mark the post that helped as solved