Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1353
  • Last Modified:

Symantec endpoint protection 11 giving tamper protection notices

for the past two fridays i have been getting tamper protection notices on my exchange server, i dont know what they are or if i shoul dbe concerned i exported the list and attached it
sep-tamper-protection.xls
0
cfischer225
Asked:
cfischer225
  • 3
1 Solution
 
Mohamed OsamaSenior IT ConsultantCommented:
If those are the only errors you get, I wouldn' t worry about them 
in general Tamper protection is a method your antivirus uses to detect whenever a 3rd party / outside application is trying to modify / disable or tamper with Antivirus files or settings.
this method was recently added to Antivirus programs, as the majority of new malware will try to disable / terminate antivirus programs the first thing they do after infection.
in this case , the Tamper protection alert originated from rundll32.exe which is a trusted windows process, I am guessing this is related to secondary login AND / OR RDP Console access.
if your antivirus is up & running and you only get this alert infrequently, I would suggest you ignore it .
0
 
xmachineCommented:
Hi,

Please follow the solution in this KB article:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c291bf8d5d97b5f68025736200576f9d?OpenDocument

Create a "Tamper Protection" exception for this executable:

c:\windows\system32\rundll32.exe

A Symantec Certified Specialist @ your service
0
 
cfischer225Author Commented:
i noticed i'm running 11.0.2 and im going to upgrade to the latest build. should i upgrade and then make the exculsion or vice versa?

when i upgrade will the new client retain the settings as i have other exclusions because its an exch server?

can i install on top or remove the old and install the new?
0
 
xmachineCommented:
1) "should i upgrade and then make the exculsion or vice versa?"

It doesn't matter

2) "when i upgrade will the new client retain the settings as i have other exclusions because its an exch server?"

Yes

3) can i install on top or remove the old and install the new?

You'll upgrade on top, you can migrate the current version to either (MR3) or the latest (MR4)

Check the following KB article:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/2bec0308fcd83d2f882575220071b968?OpenDocument
0
 
xmachineCommented:
Hi,

Any update on your case?
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now