When you launch Microsoft Internet Explorer (iexplore.exe), one or more events appear in the Symantec Endpoint Protection (SEP) 12.1 Tamper Protection Log.

 

The Tamper Protection Log details are as follows:

Actor: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Target: C:\ProgramData\Symantec\Symantec Endpoint Protection\<CurrentVersion>\Data\Definitions\IPSDefs\<Installed Definitions Version>\​IPSEng32.dll

AND

Target: C:\ProgramData\Symantec\Symantec Endpoint Protection\<CurrentVersion>\Data\Definitions\IPSDefs\<Installed Definition Version>\​IPSLdr32.dll​

Microsoft App-V version 5.0 SP2 or later is installed on the machine, and Dynamic Virtualization is enabled. When you launch Internet Explorer, Microsoft App-V generates Tamper Protection log entries in SEP 12.1 because it reads one or more SEP 12.1 .DLL files.

The following independent solutions/workarounds are available:
 

• Disable Dynamic Virtualization within Microsoft App-V 5.0 Sp2 or later. For more information, please visit the following blog entry from Microsoft or reach out to Microsoft Technical Support:
  
  http://blogs.technet.com/b/gladiatormsft/archive/2014/02/05/app-v-5-on-run-virtual-rds-run-virtual-virtualizable-extensions-and-dynamic-virtualization.aspx
   
• Make a Tamper Protection exclusion for Microsoft Internet Explorer, but please be aware that this is a security concern.
• Configure Tamper Protection to "Block and do not Log".