Endpoint Protection

 View Only

  • 1.  Tamper Protection blocking non Symantec processes.

    Posted Sep 25, 2009 03:12 PM

    We have SEP 10.1.6.6010 installed and some users are getting these Tamper messages;

    Computer User Action Taken Object Type Event
    MLIW0AAE0267 MLIDDOMAIN1\mercema Blocked Process Terminate
    Actor
    \\MLISCDNAWD2.americas.manulife.net\AWD\Applications\Client\2.4\Packages\Production\DST AWD Client 2.4.exe (PID 3240)
    Target
    C:\Documents and Settings\mercema\Local Settings\Application Data\Thinstall\Cache\Stubs\3733dabe17423b4727d8febadbc589234d6c71bb\CView.exe (PID 3068)
    Target Process Date
    C:\DOCUME~1\mercema\LOCALS~1\APPLIC~1\THINST~1\Cache\Stubs\3733DA~1\CView.exe (PID 3068) 09/24/2009 4:42:42 PM

    I am not sure why this is occuring because Tamper protection is not identifying any Symantec processes.  Why is this happening and, if anyone can help, how do I stop this?

    Thanks in advance


     



  • 2.  RE: Tamper Protection blocking non Symantec processes.

    Posted Sep 25, 2009 03:23 PM
    Create an exception for this process in SSC


  • 3.  RE: Tamper Protection blocking non Symantec processes.

    Posted Sep 25, 2009 04:04 PM

    How do I create an exception in SSC.  I cannot find anywhere to do this.



  • 4.  RE: Tamper Protection blocking non Symantec processes.

    Posted Sep 25, 2009 04:37 PM
    Using Tamper Protection in Symantec AntiVirus 10.x and Symantec Client Security 3.x

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005033111081548


  • 5.  RE: Tamper Protection blocking non Symantec processes.

    Posted Sep 25, 2009 04:39 PM

    Title: 'Cannot set exclusions for Tamper Protection'
    Document ID: 2005050310252848
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2005050310252848?Open&seg=ent