Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Tamper Protection Off - Vista 64Bit

Created: 24 Jan 2008 • Updated: 21 May 2010 | 5 comments
Just deployed a install to a Vista Ultimate 64bit OS and the SEP Management Console Reports that Tamper Protection is turned off for this machine.
 
This client is in the same group as other 32 BIT clients and no other clients are getting reported on the home page that it is turned off.  The policy for the group has that tamper protection check box marked on the tamper protection tab.
 
So I look at the client, and go to the Change settings tab, and configure settings next to the client management section.  No Tamper Protection tab on the 64 bit client.  I found this very interesting.  That is where the setting is on the 32 bit OS.
 
Can Symantec Report this as a bug, or is tamper protection not applicable to a 64 Bit OS?
 
I read where Proactive Threat Protection does not work on a 64bit OS (or server OS) and that the definitions should say "Waiting for updates."  Well that is true on the servers I have the client installed on (all 32 bit servers so far), but on the 64 bit workstations, it actually has the updated definition date which is different than what the article states should happen.  See here:
 
 
Anybody have any insight or seeing the same thing? 
 
Note:  I saw the same thing before and after the MR1 update.



Message Edited by LE2Strat on 01-24-2008 08:38 AM

Comments 5 CommentsJump to latest comment

GrahamA's picture

Hi,

In general, I believe these are expected behaviour right now.. not ideal, but expected.

Tamper Protection is not currently supported and installed on 64-bit clients. The client is currently only able to report a status of 'on' or 'off' to the manager. The manager thus reports on the home page under 'Status Summary' for tamper proctection that clients have tamper protection 'off' when not installed on 64-bit clients. When clicking on the number, the drilldown report shows that it is the 64-bit clients with the 'off' status even though Tamper Protection is not installed to those machines.

Re Proactive Threat Protection, on my 64-bit Vista machine here I see the same, a definition date, etc and a status of OFF. This is another case of not ideal, but expected right now.

Hope this helps at least explain what you see?

GrahamA Product Management, Symantec Security Solutions

LE2Strat's picture
Yes, that explains it.
 
With so many things being "not supported" on 64bit OS, is Symantec going to post a list of what isn't supported?
GrahamA's picture
We do have this knowledge base article which should help:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007022310384648

In general, all the core protection functionality (AV/Antispyware/Firewall) works on 64bit Vista, it is the features which need to hook deep into the OS that typically don't work right now, due to the secured kernel and bitlocker.

Hope this helps.

GrahamA Product Management, Symantec Security Solutions

RBW's picture
I had a suggestion unrelated to your Tamper Protection question.
The application and all updates can be installed to individual groups.  As there are separate applications for 32 bit and 64 bit operating systems, you might want to create a separate group for 64 bit operating systems and then move this machine to the new group.
It may make it easier to maintain the machines as program updates become available.
adrian_vg's picture

@GrahamA:

If some features won't work on Vista because of the secured kernel and bitlocker, why doesn't it work on WinXP x64 then? This the case on our WinXP x64-clients.