SEP 14.3 RU4 - Tamper Protection Events for MSIEXEC.EXE
Article ID: 241664
Updated On:
Products
Endpoint Protection
Issue/Introduction
After upgrading to SEP 14.3 RU4 you start to notice Tamper Protection Events from MSIEXEC.EXE
Environment
Release : 14.3 RU4
Component : Tamper Protection
Cause
Enhancements were made in SEP 14.3 RU4 so that unsolicited calls to have Windows Installer modify SEP are blocked: E.G. someone running MSIEXEC.EXE from a command prompt or via script.
Resolution
In case of legitimate usage of cmd\script\SCCM to uninstall software in the infrastructure, it will be needed to add a Tamper Protection Exclusion for MSIEXEC.EXE.
Additional Information
Feedback
Yes
No
Powered by
