We have SEP 10.1.6.6010 installed and some users are getting these Tamper messages;
Computer |
User |
Action Taken |
Object Type |
Event |
MLIW0AAE0267 |
MLIDDOMAIN1\mercema |
Blocked |
Process |
Terminate |
Actor |
\\MLISCDNAWD2.americas.manulife.net\AWD\Applications\Client\2.4\Packages\Production\DST AWD Client 2.4.exe (PID 3240) |
Target |
C:\Documents and Settings\mercema\Local Settings\Application Data\Thinstall\Cache\Stubs\3733dabe17423b4727d8febadbc589234d6c71bb\CView.exe (PID 3068) |
Target Process |
Date |
C:\DOCUME~1\mercema\LOCALS~1\APPLIC~1\THINST~1\Cache\Stubs\3733DA~1\CView.exe (PID 3068) |
09/24/2009 4:42:42 PM |
I am not sure why this is occuring because Tamper protection is not identifying any Symantec processes. Why is this happening and, if anyone can help, how do I stop this?
Thanks in advance