Endpoint Protection

 View Only

  • 1.  symantec warning about XAMPP

    Posted Feb 11, 2013 07:05 AM

    My Windows 7 laptop runs Symantec Endpoint Protection, version 12.1.671.4971.  I have recently installed XAMPP for Windows, version 1.8.1, so that I can run mirror installation of my WordPress site on my own computer.  I get warnings from Symantec that look like this:

    SYMANTEC TAMPER PROTECTION ALERT

    Target: C:\Program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971
    Event Info: Create Process
    Action Taken: Logged
    Actor Process: C:\XAMPP\XAMPP-CONTROL.EXE (PID 3464)
    Time: etc.

    I went into Change Settings -> Exceptions -> Configure Settings, and put the following into the list of User-defined Exceptions:
    C:\xampp\xampp-control.exe    All Scans    Ignore
    C:\xampp\xampp-start.exe    All Scans    Ignore

    to no avail.

    Any suggestions?



  • 2.  RE: symantec warning about XAMPP

    Posted Feb 11, 2013 07:07 AM

    Upgrade to latest SEP version, this is a known bug in earlier versions of 12.1 and fixed in RU1 MP1. See here:

    Symantec Endpoint Protection (SEP) clients generating Tamper Protection alerts on excluded applications

    Article:TECH171057  |  Created: 2011-10-04  |  Updated: 2012-04-30  |  Article URL http://www.symantec.com/docs/TECH171057

     



  • 3.  RE: symantec warning about XAMPP

    Posted Feb 11, 2013 07:08 AM

    How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

    Article:TECH92553 | Created: 2009-01-24 | Updated: 2010-01-23 | Article URL http://www.symantec.com/docs/TECH92553
     
    Check this thread


  • 4.  RE: symantec warning about XAMPP

    Trusted Advisor
    Posted Feb 11, 2013 07:09 AM

    Hello,

    Check this fix below which happened in the SEP 12.1 RU1 MP1 version.

    Tamper Protection exceptions are not honored
    Fix ID: 2580578
    Symptom: Tamper Protection exceptions are not honored. An excluded process will trigger tamper protection.
    Solution: The SEP client was sending a delta of the exclusion list to the BASH component. The client was modified to send the complete list to resolve this issue.
     
    Reference: 

    New fixes and features in Symantec Endpoint Protection 12.1 Release Update 1 Maintenance Patch 1

    http://www.symantec.com/docs/TECH187656

    I would suggest you to please Migrate the SEP client to the Latest version of SEP 12.1 RU2.

    You are running an RTM version of SEP 12.1.

    What are the Symantec Endpoint Protection (SEP) versions released officially?

    http://www.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially

    Best practices for upgrading to Symantec Endpoint Protection 12.1.2

    http://www.symantec.com/business/support/index?page=content&id=TECH163700



  • 5.  RE: symantec warning about XAMPP

    Posted Feb 11, 2013 07:26 AM

    Hello,

    Please upgrade your system with latest sep version,

    Agreed with above comments...



  • 6.  RE: symantec warning about XAMPP

    Posted Feb 11, 2013 07:41 AM

    You can created an exclusion for these detections:

    http://www.symantec.com/docs/HOWTO55213

    http://www.symantec.com/docs/TECH92553



  • 7.  RE: symantec warning about XAMPP

    Broadcom Employee
    Posted Feb 11, 2013 09:23 AM

    Hi,

    Following are the two fixes in SEP 12.1 RU1 MP1 version.

    Tamper Protection exceptions are not honored
    Fix ID: 2580578
    Symptom: Tamper Protection exceptions are not honored. An excluded process will trigger tamper protection.
    Solution: The SEP client was sending a delta of the exclusion list to the BASH component. The client was modified to send the complete list to resolve this issue.
     
    Folder/file exclusions in SEPM will not accept the ampersand (&) character
    Fix ID: 2564781
    Symptom: The ampersand (&) character is a valid file/folder-name character on both Windows and Macintosh. Folder/file exclusions in SEPM do not accept the ampersand (&) character.
    Solution: SEPM was modified to allow the ampersand (&) character in file/folder exclusions.
     
     
    SEP 12.1.671.4971 is old version & was released in 2011.
    By looking at above two fix id's I would also suggest to upgrade to the latest SEP version i.e. SEP 12.1 RU2 (12.1.2015.2015)

     



  • 8.  RE: symantec warning about XAMPP

    Posted Feb 19, 2013 08:24 AM

    I appreciate everyone's help. 

    I seem to have solved the problem, but in a strange way, so I will post it here in case this helps others.

    I asked my university for help in upgrading my symantec, and they sent me a link to their current symantec download. They claimed it would be the version you all recommended. I uninstalled Symantec and re-installed with the new download. I got exactly the same version, judging by the version number.

    However, I stopped getting the warnings, even without defining an exception.

    My working hypothesis is that I could have avoided the whole mess if I had turned off symantec temporarily before installing xampp.