Solved

Symantec endpoint protection 11 giving tamper protection notices

Posted on 2009-05-11
5
1,289 Views
Last Modified: 2013-12-09
for the past two fridays i have been getting tamper protection notices on my exchange server, i dont know what they are or if i shoul dbe concerned i exported the list and attached it
sep-tamper-protection.xls
0
Comment
Question by:cfischer225
  • 3
5 Comments
 
LVL 23

Accepted Solution

by:
Admin3k earned 500 total points
ID: 24357803
If those are the only errors you get, I wouldn' t worry about them 
in general Tamper protection is a method your antivirus uses to detect whenever a 3rd party / outside application is trying to modify / disable or tamper with Antivirus files or settings.
this method was recently added to Antivirus programs, as the majority of new malware will try to disable / terminate antivirus programs the first thing they do after infection.
in this case , the Tamper protection alert originated from rundll32.exe which is a trusted windows process, I am guessing this is related to secondary login AND / OR RDP Console access.
if your antivirus is up & running and you only get this alert infrequently, I would suggest you ignore it .
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24357822
Hi,

Please follow the solution in this KB article:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c291bf8d5d97b5f68025736200576f9d?OpenDocument

Create a "Tamper Protection" exception for this executable:

c:\windows\system32\rundll32.exe

A Symantec Certified Specialist @ your service
0
 

Author Comment

by:cfischer225
ID: 24357994
i noticed i'm running 11.0.2 and im going to upgrade to the latest build. should i upgrade and then make the exculsion or vice versa?

when i upgrade will the new client retain the settings as i have other exclusions because its an exch server?

can i install on top or remove the old and install the new?
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24358412
1) "should i upgrade and then make the exculsion or vice versa?"

It doesn't matter

2) "when i upgrade will the new client retain the settings as i have other exclusions because its an exch server?"

Yes

3) can i install on top or remove the old and install the new?

You'll upgrade on top, you can migrate the current version to either (MR3) or the latest (MR4)

Check the following KB article:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/2bec0308fcd83d2f882575220071b968?OpenDocument
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24614120
Hi,

Any update on your case?
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

12 Steps to a more secure Internet experience (http://tekblog.teksquisite.com/) Everyone who is a licensed driver initially had to pass a driving test that consisted of taking:    1. a written test    2. a road test    3. a vision test Le…
So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now