Endpoint Protection Application Control interferes with Microsoft TTTracer

book

Article ID: 191854

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

SEP (Symantec Endpoint Protection) Application Control interferes with Microsoft TTTracer ("Time Travel Debugging")

Errors when attempting to attached TTTracer to a PID:
  • "did not complete successfully"
  • "Communication between the guest process and this client could not be established, which may be an indication of permissions or privileges problem"
  • "Corrupted trace dumped"

Resolution

Create a SEP Windows Exception, File Exception for the application (full path and name of executable) and check "Application Control" for types of scan