Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

symantec warning about XAMPP

Created: 11 Feb 2013 | 7 comments

My Windows 7 laptop runs Symantec Endpoint Protection, version 12.1.671.4971.  I have recently installed XAMPP for Windows, version 1.8.1, so that I can run mirror installation of my WordPress site on my own computer.  I get warnings from Symantec that look like this:

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971
Event Info: Create Process
Action Taken: Logged
Actor Process: C:\XAMPP\XAMPP-CONTROL.EXE (PID 3464)
Time: etc.

I went into Change Settings -> Exceptions -> Configure Settings, and put the following into the list of User-defined Exceptions:
C:\xampp\xampp-control.exe    All Scans    Ignore
C:\xampp\xampp-start.exe    All Scans    Ignore

to no avail.

Any suggestions?

Comments 7 CommentsJump to latest comment

Ashish-Sharma's picture
How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged
Article:TECH92553 | Created: 2009-01-24 | Updated: 2010-01-23 | Article URL http://www.symantec.com/docs/TECH92553
 
Check this thread

Thanks In Advance

Ashish Sharma

 

 

_Brian's picture

Upgrade to latest SEP version, this is a known bug in earlier versions of 12.1 and fixed in RU1 MP1. See here:

Symantec Endpoint Protection (SEP) clients generating Tamper Protection alerts on excluded applications

Article:TECH171057  |  Created: 2011-10-04  |  Updated: 2012-04-30  |  Article URL http://www.symantec.com/docs/TECH171057

 

Mithun Sanghavi's picture

Hello,

Check this fix below which happened in the SEP 12.1 RU1 MP1 version.

Tamper Protection exceptions are not honored
Fix ID: 2580578
Symptom: Tamper Protection exceptions are not honored. An excluded process will trigger tamper protection.
Solution: The SEP client was sending a delta of the exclusion list to the BASH component. The client was modified to send the complete list to resolve this issue.
 
Reference: 

New fixes and features in Symantec Endpoint Protection 12.1 Release Update 1 Maintenance Patch 1

http://www.symantec.com/docs/TECH187656

I would suggest you to please Migrate the SEP client to the Latest version of SEP 12.1 RU2.

You are running an RTM version of SEP 12.1.

What are the Symantec Endpoint Protection (SEP) versions released officially?

http://www.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially

Best practices for upgrading to Symantec Endpoint Protection 12.1.2

http://www.symantec.com/business/support/index?page=content&id=TECH163700

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ambesh_444's picture

Hello,

Please upgrade your system with latest sep version,

Agreed with above comments...

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Chetan Savade's picture

Hi,

Following are the two fixes in SEP 12.1 RU1 MP1 version.

Tamper Protection exceptions are not honored
Fix ID: 2580578
Symptom: Tamper Protection exceptions are not honored. An excluded process will trigger tamper protection.
Solution: The SEP client was sending a delta of the exclusion list to the BASH component. The client was modified to send the complete list to resolve this issue.
 
Folder/file exclusions in SEPM will not accept the ampersand (&) character
Fix ID: 2564781
Symptom: The ampersand (&) character is a valid file/folder-name character on both Windows and Macintosh. Folder/file exclusions in SEPM do not accept the ampersand (&) character.
Solution: SEPM was modified to allow the ampersand (&) character in file/folder exclusions.
 
Reference: http://www.symantec.com/business/support/index?page=content&id=TECH187656
 
SEP 12.1.671.4971 is old version & was released in 2011.
By looking at above two fix id's I would also suggest to upgrade to the latest SEP version i.e. SEP 12.1 RU2 (12.1.2015.2015)

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

aparente001's picture

I appreciate everyone's help. 

I seem to have solved the problem, but in a strange way, so I will post it here in case this helps others.

I asked my university for help in upgrading my symantec, and they sent me a link to their current symantec download. They claimed it would be the version you all recommended. I uninstalled Symantec and re-installed with the new download. I got exactly the same version, judging by the version number.

However, I stopped getting the warnings, even without defining an exception.

My working hypothesis is that I could have avoided the whole mess if I had turned off symantec temporarily before installing xampp.