Endpoint Protection

Patching servers this weekend, noticed in the application eventlog that windows updates (from WSUS server)  triggered a tamper protection alert in ver 10.1.5.5000, on windows server 2000. The alert appears to have been caused when the server downloaded updates to the software distribution folder used by automatic updates. All running services respond the same as below if the remote client has tamper protection enabled. Servers that do not have tamper protection enabled, they do not error. Server 2003 does not appear to exhibit this problem. Has anybody else seen this behavior exhibited?

Event Type: Error
Event Source: Symantec AntiVirus
Event Category: None
Event ID: 45
Date:  12/10/2008
Time:  2:43:30 PM
User:  xxxxxxxxxxxx
Computer: server1
Description:
 

SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Event Info:  Map View Memory
Action Taken:  Blocked
Actor Process:  C:\WINNT\SoftwareDistribution\Download\094cb48add2362622ba4c3293b5a2f17\update\update.exe (PID 2232)
Time:  Wednesday, December 10, 2008  2:43:30 PM

I have the same case during applying the Windows Security Patch in 14 Jan 2009. As I search around, I cannot find the solution. Also, Symantec and Microsoft do not address this problem at all. Do anyone have any idea about this problem? How can we solve it? (just disable that tamper protection?)

SAV ver 10.1.5.5000, on windows server 2000.

Just disable tamper protection or migrate to SEP.

- Jukka