search cancel

Internet Explorer generates Tamper Protection log events

book

Article ID: 162112

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When you launch Microsoft Internet Explorer (iexplore.exe), one or more events appear in the Symantec Endpoint Protection (SEP) 12.1 Tamper Protection Log.

 

 

The Tamper Protection Log details are as follows:

Actor: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Target: C:\ProgramData\Symantec\Symantec Endpoint Protection\<CurrentVersion>\Data\Definitions\IPSDefs\<Installed Definitions Version>\​IPSEng32.dll

AND

Target: C:\ProgramData\Symantec\Symantec Endpoint Protection\<CurrentVersion>\Data\Definitions\IPSDefs\<Installed Definition Version>\​IPSLdr32.dll​

 

Cause

Microsoft App-V version 5.0 SP2 or later is installed on the machine, and Dynamic Virtualization is enabled. When you launch Internet Explorer, Microsoft App-V generates Tamper Protection log entries in SEP 12.1 because it reads one or more SEP 12.1 .DLL files.

 

Resolution

The following independent solutions/workarounds are available: