There are tamper alerts regarding a Java (jqs.exe) process on client machines since Symantec Endpoint Protection (SEP) has been upgraded from 11.0 to 12.1. This does not occur on all clients.
Tamper protection is configured to "Block".
The file has been submitted to Security Response and it is clean.
JQS.exe try to reach SEP processes (i.e. ccSvcHst.exe, smc.exe), but not stopping them. This may be an incompatibility between JQS.exe and SEP 12.1.
- Go to JQS.exe from Control Panel > Java > Advanced > Misc. and uncheck Java Quick Starter
- Create Centralized Exception to exclude JQS.exe from Tamper detection:
Windows XP computer with SEP 12.1 and Java 1.6 u26.