Symantec endpoint protection 11 giving tamper protection notices

Posted on 2009-05-11
Medium Priority
Last Modified: 2013-12-09
for the past two fridays i have been getting tamper protection notices on my exchange server, i dont know what they are or if i shoul dbe concerned i exported the list and attached it
Question by:cfischer225
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 23

Accepted Solution

Mohamed Osama earned 2000 total points
ID: 24357803
If those are the only errors you get, I wouldn' t worry about them 
in general Tamper protection is a method your antivirus uses to detect whenever a 3rd party / outside application is trying to modify / disable or tamper with Antivirus files or settings.
this method was recently added to Antivirus programs, as the majority of new malware will try to disable / terminate antivirus programs the first thing they do after infection.
in this case , the Tamper protection alert originated from rundll32.exe which is a trusted windows process, I am guessing this is related to secondary login AND / OR RDP Console access.
if your antivirus is up & running and you only get this alert infrequently, I would suggest you ignore it .
LVL 15

Expert Comment

ID: 24357822

Please follow the solution in this KB article:


Create a "Tamper Protection" exception for this executable:


A Symantec Certified Specialist @ your service

Author Comment

ID: 24357994
i noticed i'm running 11.0.2 and im going to upgrade to the latest build. should i upgrade and then make the exculsion or vice versa?

when i upgrade will the new client retain the settings as i have other exclusions because its an exch server?

can i install on top or remove the old and install the new?
LVL 15

Expert Comment

ID: 24358412
1) "should i upgrade and then make the exculsion or vice versa?"

It doesn't matter

2) "when i upgrade will the new client retain the settings as i have other exclusions because its an exch server?"


3) can i install on top or remove the old and install the new?

You'll upgrade on top, you can migrate the current version to either (MR3) or the latest (MR4)

Check the following KB article:

LVL 15

Expert Comment

ID: 24614120

Any update on your case?

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question