Endpoint Protection

Hi all,

tamper alerts (error event) are occurred in "Application log" of Windows 2000 server when do "Windows Update" in 15 Jan 2009. As I do it in Windows 2003 server, no problem at all. I doubt that is related to applying the "Windows Malicious Software Removal Tool - January 2009 (KB890830)" patch in Windows 2000 server platform. Do you have any idea about this case. Thanks in advance.

Symantec Anitvirus version : 10.1.5.5000 (parent server or client)

OS platform : Windows 2000 server SP4

For further information.

As I apply the windows patch in other Windows 2000 server without that "Windows Malicious Software Removal Tool - January 2009 (KB890830)" patch, the Tamper Protection Alert error messages are still occurred. It means this error message is not only related to that "Removal Tool" patch. This is related to the "Windows Update" process (one of these patches). I have no idead which windows security patch to cause this error message.

Event Type: Error
Event Source: Symantec AntiVirus
Event Category: None
Event ID: 45
Date:  1/15/2009
Time:  9:19:00 AM
User:  xxxxxxxx\Administrator
Computer: xxxxxxxxx
Description:
 

SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Event Info:  Map View Memory
Action Taken:  Blocked
Actor Process:  C:\WINNT\SoftwareDistribution\Download\094cb48add2362622ba4c3293b5a2f17\update\update.exe (PID 2836)
Time:  Thursday, January 15, 2009  9:19:00 AM

Does Anyone know if there is any issue to Windows 2000 server about this error message? Or just ignore the error message because at least Windows Update can be finished without any error warning at the end.

Disable tamper protection or migrate to SEP.

- Jukka