Endpoint Protection

 View Only

  • 1.  Tamper Protection

    Posted Jan 22, 2014 05:41 PM

    How would the disabling of the Tamper Protection impact the security of the machine? Could we be exposing our equipment to malicious actions?

     



  • 2.  RE: Tamper Protection

    Posted Jan 22, 2014 05:48 PM

    Tamper Protection protects the clients services and registry keys from being "tampered" with (disabled/deleted, etc.)

    If you disable TP, there is a chance malware could disable the client which would stop SEP from protecting your client machines.

    So yes there is some risk involved.

    Here is a good article for reference:

    About Tamper Protection



  • 3.  RE: Tamper Protection

    Posted Jan 23, 2014 08:38 AM

    The security risk caused by disabled Tamper Protection needs to be considered on several levels:

    - first off when TP stays disabled end-user have potential ability to tamper with AV software, disable it for whatever reasons etc.

    - there are specific threats out there - like Trojans AV-Disablers that have functionality to check for AV software on the target machines and disable it so that they can work not detected by the AV protection. SEP registry entries and SEP system files remain unprotected from such tamper attempts when TP is disabled.



  • 4.  RE: Tamper Protection

    Broadcom Employee
    Posted Jan 23, 2014 08:57 AM

    Hi,

    Thank you for posting in Symantec community.

    Tamper Protection provides real-time protection for Symantec applications that run on servers and clients. It prevents threats and security risks from tampering with Symantec resources. You can enable or disable Tamper Protection. You can also configure the action that Tamper Protection takes when it detects a tampering attempt on the Symantec resources in your network.

    Typically you should keep Tamper Protection enabled.

    You might want to disable Tamper Protection temporarily if you get many false positive detections. You can create exceptions for false positive detections.

    For example, some third-party applications might make the changes that inadvertently try to modify Symantec settings or processes. If you are sure that an application is safe, you can create a Tamper Protection exception for the application.

    See Changing Tamper Protection settings



  • 5.  RE: Tamper Protection

    Broadcom Employee
    Posted Jan 23, 2014 09:04 AM

    any specific resaon you want to disable it ?

    do have ADC policy in place?

     

     



  • 6.  RE: Tamper Protection

    Posted Feb 25, 2014 11:48 AM

    Do you need more assistance with your problem or were you able to get it resolved?

    If you could post an update for followers of this thread that would be most helpful.

    Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

    Thanks and take care,
    Brian