Symantec Tamper Protection Alert - php-cgi.exe - w3wp.exe - SEPM Upgrade from 11.07 to 11.07MP2
I was going to upgrade my SEP installation from the 11.04 to 11.07. Looking over the instructions it
stated that the 11.07MP2 was only supported from 11.07 so I upgraded SEPM to 11.07 (the console fired up
and worked OK) and then to 11.07MP2. After the MP2 update I received an "unexpected error" and the event
log entry
Event Type: Error
Event Source: Symantec AntiVirus
Event Category: None
Event ID: 45
Date: 10/11/2012
Time: 1:22:36 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: IRIDIUM
Description:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: c:\windows\system32\inetsrv\w3wp.exe (PID 5556)
Time: Thursday, October 11, 2012 1:22:36 PM
Looking this up refers me to tech article TECH194821 which states to fix the problem I need to update the
tamper protection setting and to open the SEPM console.....ah but that's the catch the very tool I use to
update tamper protection is being blocked by tamper protection. I'm open to suggestions on how to get
around this problem short of reinstallation. Thanks in advance for any suggestion.
6 Comments
You can temporarily disable tamper protection to add an exclusion for the tool.
Then add an exclusion. See this doc:
How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged
http://www.symantec.com/business/support/index?pag...
SEP Knowledge Base
Endpoint SWAT
Hi
Check this:
Getting Tamper Protection Alert, Event ID: 45 for \Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe. With SEP/ SEPM 11.0 installed
http://www.symantec.com/docs/TECH194821
Cheers
How do I disable tamper protection not going through the SEPM interface?
My problem is I can't get to the SEPM interface to disable or create the exception to allow SEPM to run.
I was hoping there was some other way of disabling TP or creating the exception without going through the SEPM interface.
Open the client interface and click Change Settings
Client Management
Tamper Protection tab
Uncheck it and close the GUI. Should now be disabled.
SEP Knowledge Base
Endpoint SWAT
OK, I'm stupid, I disabled the "tamper protection" via the SEP interface not the SEPM interface which then allowed me to add the exception and get to the SEPM console like before. I don't think I've ever had to work with the Tamper Protection in the 5 years I've used SEP 11.....live and learn. Thanks again for the suggestions and good ideas.
Glad it's working, please don't forget to mark the post that helped as solved
SEP Knowledge Base
Endpoint SWAT
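Added example, not part of the thread and not Symantec tooling: a small parser for Event ID 45 text copied out of the Application log, which groups Tamper Protection alerts by actor and target so the pair that needs an exception (here w3wp.exe acting on php-cgi.exe) is easy to confirm before creating it. Field names come from the log entry in the original post; the second sample entry and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed input: the entry quoted in the post (abridged), then a second,
# constructed entry that differs only in path case, PID and time.
SAMPLE = r"""Event Source: Symantec AntiVirus
Event ID: 45
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: c:\windows\system32\inetsrv\w3wp.exe (PID 5556)
Time: Thursday, October 11, 2012 1:22:36 PM

Event Source: Symantec AntiVirus
Event ID: 45
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Php\php-cgi.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: C:\WINDOWS\system32\inetsrv\w3wp.exe (PID 6120)
Time: Thursday, October 11, 2012 1:25:02 PM
"""

MARKER = "SYMANTEC TAMPER PROTECTION ALERT"
FIELD = re.compile(r"^(Target|Event Info|Action Taken|Actor Process):\s*(.+?)\s*$", re.M)
PID = re.compile(r"\s*\(PID \d+\)$")

def parse_alerts(text):
    """Return one dict of fields per alert found in exported event text."""
    alerts = []
    for chunk in text.split(MARKER)[1:]:
        body = chunk.split("Event Source:")[0]  # stop at the next entry's header
        fields = dict(FIELD.findall(body))
        if "Target" not in fields or "Actor Process" not in fields:
            continue  # truncated entry: nothing to build an exception from
        # PIDs change per process start and Windows paths ignore case: normalise.
        fields["Actor Process"] = PID.sub("", fields["Actor Process"]).lower()
        fields["Target"] = fields["Target"].lower()
        alerts.append(fields)
    return alerts

def summarize(alerts):
    """Count alerts per (actor, target, operation, action taken)."""
    return Counter((a["Actor Process"], a["Target"], a.get("Event Info"),
                    a.get("Action Taken")) for a in alerts)

if __name__ == "__main__":
    print(summarize(parse_alerts(SAMPLE)))
```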