Clients show Disabled after upgrade to 14.3 MP1 due to component malfunction for Tamper Protection

book

Article ID: 208617

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Upon upgrading to 14.3 MP1 many clients show Disabled due to a component malfunction for Tamper Protection

Cause

Due to a change in 14.3 MP1, Tamper Protection requires the latest BASH definitions to function even when Proactive Threat Protection is NOT installed

Environment

14.3 MP1+

Resolution

  1. Ensure the SEPM manager has the following definitions downloaded/loaded in path: Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\content
    14.3 BASH content ({D6AEBC07-D833-485f-9723-6C908D37F806}: SEPC Behavior And Security Heuristics 14.3 - MicroDefsB.CurDefs - SymAllLanguages
  2. Ensure the LiveUpdate Content policy has SONAR Heuristic signatures added for SEPM content distribution
  3. Ensure the SEP clients have the latest BASH definitions downloaded/loaded in path: C:\ProgramData\Symantec\Symantec Endpoint Protection\<client version>\Data\Definitions\BASHDefs


Additional Information