Tamper protection does not work as expected.

Article ID: 231204


Products

Endpoint Protection

Issue/Introduction

Tamper Protection is enabled and the action is set to [Block and do not log] or [Block and log]. However, when you try to modify a registry key under, for example, HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection, Tamper Protection does not block the change.

Environment

  • The following error is logged in the OS Application log:
Log Name:      Application
Source:        Symantec AntiVirus
Event ID:      74
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Description:   SONAR has generated an error: code 0: description: Definitions Failed: 0. Binary version: 0
  • No definition folder exists under
    C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\BashDefs\ other than [newdefs-trigger].

This may happen when you set up Symantec Endpoint Protection Manager (SEPM) in a closed network (no internet connection) and update virus definitions only by JDB file.

Cause

Tamper Protection depends on the SONAR definitions, but no SONAR definition is present on the SEP client.

Resolution

Install at least one SONAR definition on the SEP client. You can install the SONAR definition on the SEPM by using a SONAR JDB file, or install it on each SEP client by using the standalone installer.
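
To check whether a client is in the state described under Environment, or to confirm that a SONAR definition is present after applying the resolution, the following PowerShell can be run on the client. It is an added example, not part of the original article or a Broadcom tool. The path, event source, event ID and message text come from the article; the function name, the 30-day look-back and the output fields are assumptions.

```powershell
# Added example: reports the two symptoms from this article on the local client.
# Function name, look-back window and output field names are assumptions.
function Test-SonarDefinitionPresent {
    [CmdletBinding()]
    param(
        [string]$BashDefsPath = 'C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\BashDefs',
        [int]$LookbackDays = 30
    )

    # Symptom 1: no definition folder under BashDefs other than newdefs-trigger.
    $defFolders = @()
    $pathExists = Test-Path -LiteralPath $BashDefsPath -PathType Container
    if ($pathExists) {
        $defFolders = @(Get-ChildItem -LiteralPath $BashDefsPath -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ne 'newdefs-trigger' })
    }

    # Symptom 2: Event ID 74 from source "Symantec AntiVirus" in the Application log.
    # Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Symantec AntiVirus'
        Id           = 74
        StartTime    = (Get-Date).AddDays(-$LookbackDays)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*SONAR has generated an error*' })

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        BashDefsPathExists     = $pathExists
        SonarDefinitionFolders = $defFolders.Name -join ', '
        SonarDefinitionCount   = $defFolders.Count
        SonarError74Count      = $events.Count
        LatestSonarError74     = ($events | Select-Object -First 1).TimeCreated
        # With no SONAR definition, Tamper Protection may not block changes.
        TamperProtectionAtRisk = ($defFolders.Count -eq 0)
    }
}

Test-SonarDefinitionPresent | Format-List
```

A client that reports SonarDefinitionCount of 0 matches the condition in this article even when Tamper Protection is shown as enabled in policy.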