Tamper Protection Exceptions appear not to be working in SEP 12.1

book

Article ID: 155722

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After configuring a Tamper Protection exception in the Symantec Endpoint Protection 12.1 console, the excluded application is still generating Tamper Protection alerts on the SEP clients.

 

Cause

Tamper Protection exclusions in SEP 12.1 do not take effect until the excluded executable is restarted. Processes started before (and still running after) the SEP client received the policy containing the exception will not be excluded.

 

Resolution

Close and re-open the excluded application, or reboot the machine if the excluded executable is a service or other constantly running process.

If a reboot of the machine still does not allow the exclusion to take effect, please see article: TECH171057