Endpoint Protection

A client who is running SEP 10 got this message and asked me what it meant. It looks like SEP is blocking itself. Can anyone throw any light on this?

Target: DefWatchWizardMutex
Event Info: Create Internal Mutex
Action Taken: Blocked
Actor Process: C:\Program Files\Symantec AntiVirus\DWHWizard.exe(PID 2032)

Target: LDVP_LPC_SEM
Event Info: Open Enternal Event
Action Taken: Blocked
Actor Process: C:\Program Files\Symantec AntiVirus\DWHWizard.exe(PID 2032)

What is the exact version of SEP 11 you are using..there was a issue with  DWHWizard.exe that was fixed in 11.0.4202.xx version..

Make sure you have installed latest version of SEP 11.0.6100.xx

Or else create tamper protection exclusion for  C:\Program Files\Symantec AntiVirus\DWHWizard.exe.

Or Disable Tamper Protection on affected machine

create tamper protection exclusion for  C:\Program Files\Symantec AntiVirus\DWHWizard.exe.

What should I do when I get a Tamper Protection Alert?

Thanks for the suggestions Vikram. It's actually SAV, not SEP. My mistake, and it's v10, not v11.

I can't see how to create a tamper protection exclusion, is this possible in v10?

Hi Rgs,

Regarding the tamper protection alert in the SAV 10.x it is not possible and the only thing you can do is to disable the tamper protection

To disable the tamper protection

open the SAV and goto configure and then click tamper protection.

Now, Uncheck the box which says " Enable tamper protection "

Thanks Narendran.