Endpoint Protection

Hello all.

latelly upgraded my SEP 11.x to 12.1.671.4971 on Win7 64bit

i was running a game called battlefield 2 and now tamper protection blocks it.

more specifically when tamper is enabled as well as "log & notifications" as soon as i start the game i get a notification and 4 log entries in event viewer. (pasted below). Later on when i try to connect to any remote server (multiplayer) the game's process is terminated. SEP is fully updated at the moment as well as the OS (Win7 64bit). i have added a couple of exceptions (file,folder,application) on "client management" menu for the executable (bf2.exe) in the appropriate path and set it to be "ignored" from all security scans and that doesnt change things. When i disable tamper protection it obviously doesnt log anything on event viewer but still when im trying to connect to any remote server through it then the game gets terminated again and thats what im trying to solve now.....so any suggestions????

SYMANTEC TAMPER PROTECTION ALERT  Target:  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info:  Create Process Action Taken:  Logged Actor Process:  C:\PROGRAM FILES\EA GAMES\BATTLEFIELD 2\BF2.EXE (PID 1288) Time:  Sunday, November 27, 2011  6:53:24 PM

SYMANTEC TAMPER PROTECTION ALERT  Target:  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe Event Info:  Create Process Action Taken:  Logged Actor Process:  C:\PROGRAM FILES\EA GAMES\BATTLEFIELD 2\BF2.EXE (PID 1288) Time:  Sunday, November 27, 2011  6:53:24 PM

SYMANTEC TAMPER PROTECTION ALERT  Target:  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SmcGui.exe Event Info:  Create Process Action Taken:  Logged Actor Process:  C:\PROGRAM FILES\EA GAMES\BATTLEFIELD 2\BF2.EXE (PID 1288) Time:  Sunday, November 27, 2011  6:53:24 PM

SYMANTEC TAMPER PROTECTION ALERT  Target:  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ProtectionUtilSurrogate.exe Event Info:  Create Process Action Taken:  Logged Actor Process:  C:\PROGRAM FILES\EA GAMES\BATTLEFIELD 2\BF2.EXE (PID 1288) Time:  Sunday, November 27, 2011  6:53:24 PM

From the Client GUI you cannot give Tamper Protection Exclusion.

Either give Tamper Protection from your SEPM (manager Console) or if its a Unmanaged Client Turn OFF Tamper Protection.

The exclusion you have set will exclude files from all typeof scans, but tamper protection is not a scan and it won't be excluded from Tamper Protection.

hey thanks for replying.it is an unmanaged client...but how do i turn off tamper protection?

on client management,tamper protection tab, i have already unticked "protect symantec security software ..."

but is it this?

Thats correct, once you un-tick that, you are all good.

thats what i thought but still the app shuts down.

but u are now making think that although since its not logging tamper protection alert that way, i cant verify its the tampe protection that shuts it down so SEP might be all good.

on the other hand is there a way to disable SEP services in order to be sure?(grayed out)

If its not Tamper Protection and you have already made necessary Exclusions then it can something else aswell..

however try stopping SEP

Start - Run -type..  smc -stop

This will stop SEP service.

check if your application runs. If its still not running then its something else..might be UAC 9User Account Control.

to disable UAC --go to start - run - msconfig and tool and disable UAC.

start smc to enable SEP --start -run - smc -start

indeed it must be something else now since i stopped SEP services. i also had UAC completelly disabled.

oh well bad luck. still thanks for the info up to the point. at least i know tamper protection isnt messing with me and now i also know how to stop/start SEP services

thanks again.