Symantec Endpoint Protection (SEP) clients generating Tamper Protection alerts when excluded applications are using a path variable


Article ID: 156181


Updated On:


Endpoint Protection


Symantec Endpoint Protection (SEP) clients installed on a 64-bit Operating System do not honor Tamper Protection exclusions when a path variable such as [PROGRAM_FILES] is used.


This problem is fixed in Symantec Endpoint Protection 12.1 Release Update 3 (12.1 RU3). For information on how to obtain the latest build of Symantec Endpoint Protection, read ‘Obtaining the latest version of Symantec Endpoint Protection or Symantec Network Access Control

Should it not be possible to upgrade immediately, do not use the predefined variable in the Exceptions policy.  Use instead the full location path to the file that needs to be excluded.