Endpoint Protection

  • 1.  Symantec Tamper Protection Alert

    Posted Apr 06, 2009 11:07 AM
    I just deployed the SEP 11 client package to our Exchange Server 2000 with all of the required exclusions.  Everything seems to be working as normal; however, we started to see two Tamper Protection alerts in Event Viewer:

    SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    Event Info: Set Information Thread

    Action Taken: Logged

    Actor Process: d:\b5572724ec3790a465de72723bf2\update\update.exe (PID 3024)

     

    SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    Event Info: Create Thread

    Action Taken: Logged

    Actor Process: d:\bff7d37c0a4be4f4d06da626acecd872\update\update.exe (PID 3712)

    What should I do about these errors?
    Thanks



  • 2.  RE: Symantec Tamper Protection Alert

    Posted Apr 06, 2009 01:28 PM
    Are you using Spyware Doctor?


  • 3.  RE: Symantec Tamper Protection Alert

    Posted Apr 06, 2009 01:29 PM
    Hi,

    The alert you get means that update.exe is trying to do something not really good with our ccApp.exe. What is the reported update.exe? Do you know it?
    If you know it, you have to ask the update.exe vendor what it is trying to do; if you don't know it, it is malware that is trying to damage the antivirus.

    Regards,



  • 4.  RE: Symantec Tamper Protection Alert

    Posted Apr 06, 2009 01:31 PM
    Check this list of programs using update.exe:

    http://www.threatexpert.com/files/update.exe.html


  • 5.  RE: Symantec Tamper Protection Alert
    Best Answer

    Posted Apr 06, 2009 02:36 PM
    I found that the processes d:\bff7d37c0a4be4f4d06da626acecd872\update\update.exe (PID 3712) and d:\b5572724ec3790a465de72723bf2\update\update.exe (PID 3024) belong to Microsoft Exchange Server 2000 hotfixes (Exhotfix.dll).  Normally a reboot will get rid of those files.

    I think the issue can be resolved by either rebooting the Exchange server, manually deleting the files, or excluding them from Symantec Centralized exclusions-Tamper protection exception.

    Thanks for the help!
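
An added example, not written by any poster in this thread and not Symantec code: a small parser for alerts in the layout quoted in the first post, which groups them by actor executable so that each program is reviewed once before anyone adds an exception. The function names and the "hex-named top-level directory" heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict

HEADER = "SYMANTEC TAMPER PROTECTION ALERT"
FIELD = re.compile(r"^\s*(Target|Event Info|Action Taken|Actor Process):\s*(.+?)\s*$", re.M)
ACTOR = re.compile(r"^(?P<path>.+?)\s*\(PID (?P<pid>\d+)\)$")
# Heuristic (assumption): top-level directory named with 20+ hex digits, as in this thread.
HEX_DIR = re.compile(r"^[a-z]:\\[0-9a-f]{20,}\\", re.I)
# The first two alerts are copied from the thread; the third is constructed.
SAMPLE = r"""
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Set Information Thread
Action Taken: Logged
Actor Process: d:\b5572724ec3790a465de72723bf2\update\update.exe (PID 3024)
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Create Thread
Action Taken: Logged
Actor Process: d:\bff7d37c0a4be4f4d06da626acecd872\update\update.exe (PID 3712)
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Create Thread
Action Taken: Logged
Actor Process: C:\Tools\helper.exe (PID 100)
"""

def parse_alerts(text):
    alerts = []
    for block in text.split(HEADER)[1:]:
        rec = dict(FIELD.findall(block))
        m = ACTOR.match(rec.get("Actor Process", ""))
        if not m:
            continue  # incomplete alert: skip it rather than guess the actor
        rec["actor_path"], rec["pid"] = m["path"], int(m["pid"])
        rec["hex_dir"] = bool(HEX_DIR.match(rec["actor_path"]))
        alerts.append(rec)
    return alerts

def by_image(alerts):
    # Group by executable name: one program run from several directories is one review item.
    groups = defaultdict(lambda: {"events": set(), "paths": set(), "hex_dir": False})
    for a in alerts:
        g = groups[a["actor_path"].rsplit("\\", 1)[-1].lower()]
        g["events"].add(a.get("Event Info", "?"))
        g["paths"].add(a["actor_path"])
        g["hex_dir"] |= a["hex_dir"]
    return dict(groups)
```

A `hex_dir` flag only describes the shape of the path; it does not identify the file's origin, which still has to be confirmed on the host before an exception is created.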