How to disable Symantec AV 10.x Tamper Protection so that it does not conflict with Altiris?

book

Article ID: 180604

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server) Deployment Solution

Issue/Introduction

 

Resolution

Question
Using Tamper Protection in Symantec AntiVirus 10.x and Symantec Client Security 3.x

Answer
This is an extract from a Symantec knowledgebase article.  Please refer go to this link for full details:
http://service1.symantec.com/SUPPORT/ent-security.nsf/0/da6de28995fb32f488256fd500691e9f?OpenDocument
________________

Situation:
This document describes the new Tamper Protection feature in Symantec AntiVirus Corporate Edition 10.x and Symantec Client Security 3.x.

Solution:
Tamper Protection provides real-time protection for Symantec applications. It prevents Symantec processes from being attacked or affected by non-Symantec processes, such as worms, Trojans, viruses, and security risks.


Enabling, disabling, and configuring Tamper Protection
When Tamper Protection is enabled, you can enable and disable protection types for Symantec processes. You can configure Symantec AntiVirus to block or log attempts to modify the processes. You can also configure a message to display on affected computers when a tampering attempt is detected. For the greatest protection, enable Tamper Protection and do not disable protection for processes.

To enable Tamper Protection in Symantec System Center

  1. Start Symantec System Center.
  2. Do one of the following:
    • Right-click a server or server group, and then click All Tasks > Symantec AntiVirus > Client Tamper Protection Options.
    • Right-click a server or server group, and then click All Tasks > Symantec AntiVirus > Server Tamper Protection Options.
  3. Check Enable Tamper Protection.
  4. If you use Symantec AntiVirus 10.1, configure the protection settings that you want.
  5. If you use Symantec AntiVirus 10.0, do one of the following:
    • In the drop-down list, click Block to block unauthorized activity.
    • In the drop-down list, click Log Only to log unauthorized activity.
  6. Under Notifications, do one of the following:
    • Check Display message on infected computer to enable messaging.
    • Uncheck Display message on infected computer to disable messaging.
  7. If you are configuring Client Tamper Protection Options, lock or unlock each field, as appropriate for your network.
  8. If you are configuring Client Tamper Protection Options, you can click Reset All to propagate the settings on this tab to every client attached to the server or server group.

To enable Tamper Protection locally
  1. Start Symantec AntiVirus.
  2. Click Configure > Tamper Protection.
  3. Check Enable Tamper Protection .
  4. If you use Symantec AntiVirus 10.1, under Protection, configure the protection settings that you want.
  5. If you use Symantec AntiVirus 10.0, under Protection, do the following:
    • In the "On violation" drop-down box, select Block to block unauthorized activity or Log Only to log unauthorized activity.
    • Check or uncheck Keep tamper protection enabled even if Symantec AntiVirus is shutdown.
  6. Under Notifications, do one of the following:
    • Check Display message on infected computer to enable messaging.
    • Uncheck Display message on infected computer to disable messaging.
  7. Click OK.

To disable Tamper Protection in Symantec System Center
  1. Start Symantec System Center.
  2. Do one of the following:
    • Right-click a server or server group, and then click All Tasks > Symantec AntiVirus > Client Tamper Protection Options.
    • Right-click a server or server group, and then click All Tasks > Symantec AntiVirus > Server Tamper Protection Options.
  3. If you use Symantec AntiVirus 10.1, under Protection, uncheck Processes and then uncheck Internal Objects.
  4. Uncheck Enable Tamper Protection.
  5. If you are configuring Client Tamper Protection Options, lock or unlock each field, as appropriate for your network.
  6. If you are configuring Client Tamper Protection Options, you can click Reset All to propagate the settings on this tab to every client attached to the server or server group.

To disable Tamper Protection locally
  1. Start Symantec AntiVirus.
  2. Click Configure > Tamper Protection.
  3. If you use Symantec AntiVirus 10.1, uncheck Processes and then uncheck Internal Objects.
  4. Uncheck Enable Tamper Protection.
  5. Click OK.