Endpoint Protection

  • 1.  Tamper Protection Alerts

    Posted Apr 25, 2011 01:29 PM

    Dear SEP Security Team,

    Can you guide me on what causes Tamper Protection Alerts to be triggered by SEP? I am currently developing part of the application which is a Windows Service. It has the onus of monitoring select processes from our product, and periodically it needs to stop the processes, update the database and then (re-)start them again. None of the processes are related to SEP's.

    I am surprised at what caused the Tamper Protection Alerts to trigger. Or is it a coincidence that something else is getting disturbed because of my Windows Service?



  • 2.  RE: Tamper Protection Alerts

    Posted Apr 25, 2011 01:31 PM

    In the Event log, you should see what process is causing the Tamper Protection alert (Actor process) and what process it is acting on.



  • 3.  RE: Tamper Protection Alerts

    Posted Apr 25, 2011 01:46 PM


  • 4.  RE: Tamper Protection Alerts
    Best Answer

    Trusted Advisor
    Posted Apr 25, 2011 02:37 PM

     

    Hello, 
     
    About Tamper Protection: 
     
    Tamper Protection provides real-time protection for Symantec applications. It thwarts attacks by malicious software such as worms, Trojan horses, viruses, and security risks.
     
    You can set Tamper Protection to take the following actions:
    • Block tamper attempts and log the event

    • Log the tampering event but do not interfere with the tampering event

    Tamper Protection is enabled for both the managed clients and the unmanaged clients, unless your administrator has changed the default settings. When Tamper Protection detects a tampering attempt, the action it takes by default is to log the event in the Tamper Protection Log. You can configure Tamper Protection to display a notification on your computer when it detects a tampering attempt. You can customize the message. Tamper Protection does not notify you about attempts to tamper unless you enable that functionality.

    If you use an unmanaged client, you can change your Tamper Protection settings. If you use a managed client, you can change these settings if your administrator allows it.

    A best practice when you initially use Symantec Endpoint Protection is to leave the default action Log the event only while you monitor the logs once a week. When you are comfortable that you see no false positives, then set Tamper Protection to Block it and log the event.

    Note: If you use a third-party security risk scanner that detects and defends against unwanted adware and spyware, the scanner typically impacts Symantec processes. If you have Tamper Protection enabled while you run a third-party security risk scanner, Tamper Protection generates a large number of notifications and log entries. A best practice is to always leave Tamper Protection enabled, and to use log filtering if the number of events that are generated is too large.

    (Note: this feature is only available on 32-bit systems)
     
     
     
    Enabling, disabling, and configuring Tamper Protection
     
    You can enable or disable Tamper Protection. If Tamper Protection is enabled, you can choose the action that it takes when it detects an attempt to tamper with Symantec software. You can also have Tamper Protection display a message to notify you of tamper attempts. If you want to customize the message, you can use the predefined variables that Tamper Protection fills in with the appropriate information.
     
    Note:  If an administrator manages your computer, and these options display a padlock icon, you cannot change these options because your administrator has locked them.
     
     
    To enable or disable Tamper Protection
     
    1. In the main window, in the sidebar, click Change settings.
    2. Beside Client Management, click Configure Settings.
    3. On the Tamper Protection tab, check or uncheck Protect Symantec security software from being tampered with or shut down.
    4. Click OK.

    To configure Tamper Protection

    1. In the main window, in the sidebar, click Change settings.
    2. Beside Client Management, click Configure Settings.
    3. On the Tamper Protection tab, in the Action to take if an application attempts to tamper with or shut down Symantec security software list box, click Block it and log the event or Log the event only.
    4. If you want to be notified when Tamper Protection detects suspicious behavior, check Display a notification message when tampering is detected. If you enable these notification messages, you may receive notifications about Windows processes as well as Symantec processes.
    5. To customize the message that appears, update the text in the message field.
    6. Click OK.


  • 5.  RE: Tamper Protection Alerts

    Posted Apr 25, 2011 02:56 PM

    Dear Mithun,

    Thanks for the comprehensive insight, highlight and assistance on Tamper Protection.