Endpoint Protection


TaobaoProtect.exe - Tamper Protection Alert

  • 1.  TaobaoProtect.exe - Tamper Protection Alert

    Posted Aug 19, 2015 09:49 AM

    TaobaoProtect.exe - Tamper Protection Alert - from Windows 7 & 8.1 SEP clients through SEPM email alert.

    Which software's process is TaobaoProtect.exe?

     



  • 2.  RE: TaobaoProtect.exe - Tamper Protection Alert

    Broadcom Employee
    Posted Aug 19, 2015 09:51 AM

    More info should get captured in the Traffic logs.

    Looks like a suspicious file; could you use Risk Tracer to find more details as well?

     



  • 3.  RE: TaobaoProtect.exe - Tamper Protection Alert

    Posted Aug 19, 2015 09:59 AM
    Check the Tamper Protection log; it will give the path.


  • 4.  RE: TaobaoProtect.exe - Tamper Protection Alert

    Posted Aug 19, 2015 11:10 AM

    Looks like the .exe belongs to some add-on application related to Alibaba.

    http://trademanager.alibaba.com/download.htm

    Submitted the file for whitelisting and it's been whitelisted, and still the SEP client is alerting Tamper Protection.



  • 5.  RE: TaobaoProtect.exe - Tamper Protection Alert

    Posted Aug 19, 2015 11:12 AM

    Whitelisting doesn't apply to tamper protection. You need to add a tamper protection alert.

    How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

     



  • 6.  RE: TaobaoProtect.exe - Tamper Protection Alert

    Posted Aug 19, 2015 11:22 AM

    Already excluded from Monitors - Logs.

    From the alert received


     



  • 7.  RE: TaobaoProtect.exe - Tamper Protection Alert

    Posted Aug 19, 2015 11:23 AM

    Did a file exclusion as well from SEPM. Tried folder exclusions.

    Didn't find the registry key getting created even though the policy is properly updated.



  • 9.  RE: TaobaoProtect.exe - Tamper Protection Alert

    Posted Aug 19, 2015 11:28 AM

    You need to add it from Monitors - Logs - Application and Device Control Logs - Application Control.

    Select Tamper Protection.

    Find your log entry and highlight it. For the action, set it to Add Process to Exception Policy and hit Start.

    Pick the policy you want to add to and hit OK.



  • 11.  RE: TaobaoProtect.exe - Tamper Protection Alert

    Posted Aug 19, 2015 12:23 PM

    Yes. Still it's alerting Tamper Protection - Alert Minor 1



  • 12.  RE: TaobaoProtect.exe - Tamper Protection Alert

    Broadcom Employee
    Posted Aug 19, 2015 01:39 PM

    It may be possible to work around or resolve this issue either by updating the application for which the Tamper Protection alerts are being generated, or by updating the SEP client version on the affected machines.

    There was a known issue with the SEP 12.1 RU1 version; make sure the SEP client is on the latest version.

    Symantec Endpoint Protection (SEP) clients generating Tamper Protection alerts on excluded applications

    http://www.symantec.com/docs/TECH171057

    Check the Tamper Protection logs for more details; the following article can help you with that.

    How to collect the Tamper Protection log from Symantec Endpoint Protection Manager in Symantec Endpoint Protection 12.1

    http://www.symantec.com/docs/TECH182743

    Note: Tamper Protection does not support folder exceptions.