search cancel

Configure Tamper Protection in unmanaged Endpoint Protection

book

Article ID: 151318

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

  • You can enable or disable Tamper Protection in Symantec Endpoint Protection (SEP). If Tamper Protection is enabled, you can choose the action that it takes when it detects an attempt to tamper with Symantec software.
  • You can also have Tamper Protection display a message to notify you of tamper attempts. If you want to customize the message, you can use the predefined variables that Tamper Protection fills in with the appropriate information.
  • For information about the predefined variables, click Help on the Tamper Protection tab.

Resolution

To enable or disable Tamper Protection

  1. In the main window, in the sidebar, click Change Settings.
  2. Beside "Client Management", click Configure Settings.
  3. On the "Tamper Protection tab", check or uncheck Protect Symantec security software from being tampered with or shut down.
  4. Click OK.




To configure Tamper Protection:

  1. In the main window, in the sidebar, click Change Settings.
  2. Beside "Client Management", click Configure Settings.
  3. On the "Tamper Protection" tab, in the "Action to take list box", select Block it and and Log the event or Log the event only.
  4. If you want to be notified when Tamper Protection detects suspicious behavior, check Display a notification message when tampering is detected:.
    • Note: If you enable these notification messages, you may receive notifications about Windows processes as well as Symantec processes.
  5. To customize the message that displays, type in new text or delete any text you want in the message field.
  6. Click OK.