Video Screencast Help

Symantec Tamper Protection Alert - php-cgi.exe - w3wp.exe - SEPM Upgrade from 11.07 to 11.07MP2

Created: 11 Oct 2012 • Updated: 15 Oct 2012 | 6 comments
This issue has been solved. See solution.

I was going to upgrade my SEP installation from the 11.04 to 11.07.  Looking over the instructions it

stated that the 11.07MP2 was only supported from 11.07 so I upgraded SEPM to 11.07 (the console fired up

and worked OK) and then to 11.07MP2.  After the MP2 update I received an "unexpected error" and the event

log entry

Event Type:    Error
Event Source:    Symantec AntiVirus
Event Category:    None
Event ID:    45
Date:        10/11/2012
Time:        1:22:36 PM
User:        NT AUTHORITY\NETWORK SERVICE
Computer:    IRIDIUM
Description:
 

SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe
Event Info:  Terminate Process
Action Taken:  Logged
Actor Process:  c:\windows\system32\inetsrv\w3wp.exe (PID 5556)
Time:  Thursday, October 11, 2012  1:22:36 PM

Looking this up refers me to tech artical TECH194821 which states to fix the problem I need to update the

tamper protection setting and to open the SEPM cosole.....ah but thats the catch the very tool I use to

update tamper protection is being blocked by tamper protection.  I'm open to suggestions on how to get

around this problem short of reinstallation.  Thanks in advance for any suggestion.

Comments 6 CommentsJump to latest comment

.Brian's picture

You can temporarily disable tamper protection to add an exclusion for the tool.

Than add an exclusion. see this doc:

How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

http://www.symantec.com/business/support/index?pag...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Seyad's picture

Hi

Check this:

Getting Tamper Protection Alert, Event ID: 45 for \Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe. With SEP/ SEPM 11.0 installed

http://www.symantec.com/docs/TECH194821

 

Cheers

SOLUTION
battlerock's picture

How do I disable tamper protection not going through the SEPM interface?

My problem is I can't get to the SEPM interface to disable or create the exception to allow SEPM to run.

I was hoping there was some other way of disabling TP or creating the exception without going through the SEPM interface.

.Brian's picture

Open the client interface and click Change Settings

Client Management

Tamper Protection tab

Uncheck it and close the GUI. Should now be disabled.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

battlerock's picture

OK, I'm stupid, I disabled the "tamper protection" via the SEP interface not the SEPM interface which then allowed me to add the exception and get to the SEPM console like before.  I don't think I've ever had to work with the Tamper Protection in the 5 years I've used SEP 11.....live and learn.  Thanks again for the suggestions and good ideas.

.Brian's picture

Glad it's working, please don't forget to mark the post that helped as solved

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.