
Tamper Protection Annoyance

Updated: 23 May 2010 | 3 comments
SecurityGuy
I am running SAV 10.1 on my servers & have recently begun installing Prism Microsystems' EventTracker agent, which, as you can guess by the name, is an Event Log management solution.
Once the agent is installed on a server, I start getting a plethora of Symantec Tamper Protection Alerts. I've gone to the knowledge base here & can see it's probably because Prism is attaching to the Event log API - but short of turning off Tamper Protection how do I get these alerts to stop?
Is there a process exception list for tamper protection where I can tell it not to bother if it's a certain process? 

Comments

Anthony Flaviani, 05 Jul 2007

At this point, SAV 10.x does not have any great exceptions for tamper protection. This has been modified for SEP v11.0.

SecurityGuy, 19 Jul 2007

Is there any way, short of turning off Tamper Protection, of stopping these messages? I am now getting thousands of messages per day for my servers for what is a legitimate product.
From what I understand from your knowledge base, SAV is generating these events because my Event Log Management Solution is accessing the Event Logs through the Windows API.
That is not acceptable. Please fix this ASAP.

Message Edited by SecurityGuy on 07-19-2007 10:21 AM

Chris Wood - ITVplc, 14 Sep 2007

Hi Chap,

Turning off tamper protection is simple.

Unlock your server group in the Symantec System Centre
Right click your Primary Parent Server
Navigate to All Tasks > Symantec AntiVirus > Client Tamper Protection Options.
You can then de-select the options as required to disable this feature.

Hope this helps,

Regards,

Chris