Patching servers this weekend, noticed in the application eventlog that windows updates (from WSUS server) triggered a tamper protection alert in ver 10.1.5.5000, on windows server 2000. The alert appears to have been caused when the server downloaded updates to the software distribution folder used by automatic updates. All running services respond the same as below if the remote client has tamper protection enabled. Servers that do not have tamper protection enabled, they do not error. Server 2003 does not appear to exhibit this problem. Has anybody else seen this behavior exhibited?
Event Type: Error
Event Source: Symantec AntiVirus
Event Category: None
Event ID: 45
Date: 12/10/2008
Time: 2:43:30 PM
User: xxxxxxxxxxxx
Computer: server1
Description:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Event Info: Map View Memory
Action Taken: Blocked
Actor Process: C:\WINNT\SoftwareDistribution\Download\094cb48add2362622ba4c3293b5a2f17\update\update.exe (PID 2232)
Time: Wednesday, December 10, 2008 2:43:30 PM