ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Internet Explorer generates Tamper Protection log events

book

Article ID: 162112

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When you launch Microsoft Internet Explorer (iexplore.exe), one or more events appear in the Symantec Endpoint Protection (SEP) 12.1 Tamper Protection Log.

 

 

The Tamper Protection Log details are as follows:

Actor: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Target: C:\ProgramData\Symantec\Symantec Endpoint Protection\<CurrentVersion>\Data\Definitions\IPSDefs\<Installed Definitions Version>\​IPSEng32.dll

AND

Target: C:\ProgramData\Symantec\Symantec Endpoint Protection\<CurrentVersion>\Data\Definitions\IPSDefs\<Installed Definition Version>\​IPSLdr32.dll​

 

Cause

Microsoft App-V version 5.0 SP2 or later is installed on the machine, and Dynamic Virtualization is enabled. When you launch Internet Explorer, Microsoft App-V generates Tamper Protection log entries in SEP 12.1 because it reads one or more SEP 12.1 .DLL files.

 

Resolution

The following independent solutions/workarounds are available: