Endpoint Protection

 View Only

  • 1.  Tamper Protection and Services

    Posted Jan 03, 2012 12:54 PM

    Greetings,

    Recently we have created an install package of SEP 12.1, when the task is complete we find that random workstaitons receive a "Tamper Protection" notification, when that feature has been disabled via the policy, also the SEP and SEP client services are not able to be modified by the Administrator.  This isssue would be less complicated if it was not so random.  Steps taken:

    Removed the client 11.6 to install the 12.1 via SEPM and Altiris

    Reboot the required 2X. then the issue presents itself on random workstations, did I mention it was random.  Any assistance would be greatly appreciated.



  • 2.  RE: Tamper Protection and Services

    Posted Jan 03, 2012 02:37 PM

    This post should be moved to the SEP forums.



  • 3.  RE: Tamper Protection and Services

    Broadcom Employee
    Posted Jan 03, 2012 10:46 PM

    on the machines reporting the issue, can you check for the tamper protection setting on clients? On the client side, check whether the policy is been updated .



  • 4.  RE: Tamper Protection and Services

    Posted Jan 04, 2012 02:02 AM

    Are you using SEP 12.1 RU1 ?



  • 5.  RE: Tamper Protection and Services

    Posted Jan 04, 2012 06:39 AM

    Your installation package could be including an unexpected default policy.  The clients can switch after the install to correct policy after contacting SEPM.  Timing of tamper protection events and policy switch could cause the random behavior observation.  Check your install, by installing the package to a disconnected computer.  Export a package from a group with tamper protection disabled to pick up the desired default policy.

    If the policy is correct on the client (no tamper) and the alerts are still generated randomly after, that would be different.