
Tamper Protection

Created: 22 Jan 2014 | 5 comments

How would the disabling of the Tamper Protection impact the security of the machine? Could we be exposing our equipment to malicious actions?


.Brian

Tamper Protection protects the client's services and registry keys from being "tampered" with (disabled/deleted, etc.).

If you disable TP, there is a chance malware could disable the client which would stop SEP from protecting your client machines.

So yes there is some risk involved.

Here is a good article for reference:

About Tamper Protection

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ

The security risk caused by disabled Tamper Protection needs to be considered on several levels:

- First off, when TP stays disabled, end users have the potential ability to tamper with the AV software, disable it for whatever reason, etc.

- There are specific threats out there, like Trojan AV-Disablers, that have functionality to check for AV software on the target machines and disable it so that they can work undetected by the AV protection. SEP registry entries and SEP system files remain unprotected from such tamper attempts when TP is disabled.

Chetan Savade

Hi,

Thank you for posting in Symantec community.

Tamper Protection provides real-time protection for Symantec applications that run on servers and clients. It prevents threats and security risks from tampering with Symantec resources. You can enable or disable Tamper Protection. You can also configure the action that Tamper Protection takes when it detects a tampering attempt on the Symantec resources in your network.

Typically you should keep Tamper Protection enabled.

You might want to disable Tamper Protection temporarily if you get many false positive detections. You can create exceptions for false positive detections.

For example, some third-party applications might make changes that inadvertently try to modify Symantec settings or processes. If you are sure that an application is safe, you can create a Tamper Protection exception for the application.

See Changing Tamper Protection settings

Chetan Savade
Sr. Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

pete_4u2002

Any specific reason you want to disable it?

Do you have an ADC policy in place?

.Brian

Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

Thanks and take care,
Brian
