ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SEP 14.3 RU4 - Tamper Protection Events for MSIEXEC.EXE

book

Article ID: 241664

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After upgrading to SEP 14.3 RU4 you start to notice Tamper Protection Events from MSIEXEC.EXE

 

Cause

Enhancements were made in SEP 14.3 RU4 so that unsolicited calls to have Windows Installer modify SEP are blocked: E.G. someone running MSIEXEC.EXE from a command prompt or via script.

Environment

Release : 14.3 RU4

Component : Tamper Protection

Resolution

In case of legitimate usage of command prompt\script\SCCM to uninstall software in the infrastructure, it will be needed to add a Tamper Protection Exclusion for MSIEXEC.EXE

Additional Information

  1. SEP-75512