Unified Agent shows "Tampering Detected" message

book

Article ID: 167527

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

If Unified Agent (UA) detects unauthorized manipulation in its configuration it enters Failure Mode showing the "Tampering Detected" message. The Failure Mode state depends on the portal configuration allowing or denying the traffic. 

 

 

"Tampering Detected"

Cause

The Tampering Detected message appears under the following conditions. 

  • The administrator manipulated the UA configuration files.
  • A virus or suspicious software manipulated configuration files or the regedit values used by the UA.

Environment

Web Security Services

Unified Agent

Resolution

The UA was specifically designed to prevent users from bypassing the Web Security Service (WSS).

If the UA detects any entries in the Hosts file which relate to the WSS (for example, client.threatpulse.net). It enters into tamper detect mode and the user cannot access the Internet.

This behavior is by design. If you need to disable this feature, you enter your Web Portal

  • Service > Mobility > Unified Agent 
  • Disable Tamper Protection option

Note: This option is for version 4.8 or later