AntiVirus processes and this is triggering tamper protection

Our customer is using Symantec Endpoint Protection v14 (14.2) build 1023 (14.2.1023.0100) and it’s blocking a few EXEs from our product.

We are getting the exception below:

[From event_log.xml…]
Scan type: Tamper Protection Scan
Event: Tamper Protection Detection
Security risk detected: D:E2EAPMTMAITM6_X64NET_CLR_VERSION64.EXE
File: C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.1023.0100.105BinccSvcHst.exe
Location: C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.1023.0100.105Bin
User: SYSTEM
Action taken: Access denied
Date found: Thursday, June 13, 2019 3:08:30 PM</Data></EventData><RenderingInfo Culture=’en-US’><Message> 

We are not sure why it’s blocking this NET_CLR_VERSION64.EXE?

Is it a known issue in this Symantec Antivirus version? Is it safe to ignore this exception or is it harmful?

Definitions not getting updated for 2003 Servers

Hello All,

We have 2 data centers in our environment. In one of the data centers, the management consoles (14.2 RU1 (14.2 3335)) are getting updated with the latest virus definitions from the LUA, and all the reporting clients, including 2003 servers, are getting the latest virus definitions from the management console; we don’t have any issue over there. We do have an issue in the other data center: the consoles (14.2 RU1 (14.2 3335)) are getting the definitions from the LUA and getting updated, and only the 2003 servers are not getting the latest definitions. I have checked in the LUA; it’s downloading the content and moving it to the distribution center. Can someone help me with why the 2003 servers are not getting the definitions from the console?

The installer integrity check failed with error code 0x8007065b

I cannot install antivirus software after using the CleanWipe software.
I encounter the following error:
“The installer integrity check failed. Common causes for this failure include an incomplete download, damaged media, or problems with the Trusted Root certificate store.” 0x8007065b

I installed all the certificates, but unfortunately there is still a problem.

Need help with scripting standalone dark network installation.

I am trying to write a DOS script to do a silent install of our standard configuration of the SEP 14 dark network client. I need to learn the command line switches for the following settings:

Yes: Custom
Yes: Dark network client
Yes: Core Files
Yes: Virus, Spyware, and Basic Download
No:  Advanced Download Protection
No:  Outlook Scanner
No:  POP3/SMTP Scanner
No:  Proactive Threat Protection
No:  Network and Host Exploit Mitigation
No:  Application Hardening
Yes: Enable Auto-Protect
No:  Run LiveUpdate
No:  “I want to join the fight…”
No:  “Yes, I’d like to help…”

Does anyone know where I can find this information?  I have been looking for two days.

Threat Detected on a drive that doesn’t exist?

Hello-

We are receiving the following threat detections on a particular PC:

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Trojan.Gen.MBT
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 ———–
 1 Infected File
D:DHL_Label_Scan _  June 19 2019 at 2.21_06455210_PDF.exe – Failed
 1 Browser Cache

Heur.AdvML.C
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 ———–
 1 Infected File
D:DHL_Label_Scan _  June 19 2019 at 2.21_06455210_PDF.exe – Failed
 1 Browser Cache

The problem here is, there is no CD/DVD in the optical drive and there is no Drive D: on the machine — see attachment. I do recognize the filename as it was an attachment included in a spam email that was never opened and has since been deleted.

Any ideas on how to clear these alerts?

SEP 14.2 Not Downloading Virus and Spyware defs from internal LUA

So I’m at a loss here. We’ve recently upgraded a test environment from 12.1 to 14.2 RU1. The upgrade went fine from what we can see. We use an internal Live Update Administrator that the managers pull their updates from, and have for years with no issues. I’ve gone through and added in the new Symantec 14, 14.1 and 14.2 packages to download the SEP Manager 32-bit and 64-bit Virus and Spyware definitions, along with the new SDS versions of the updates.

They are also set to be distributed to our distribution centres fine. When the live update task on our managers starts, we can see almost all of our definitions downloading correctly: IPS, SDS and even the legacy 12.1.6 updates we still use for legacy devices. However, the regular Virus and Spyware definitions Win32/64 14.2 RU1 are not showing as downloaded. I’ve even tried downloading the 14.0 versions of the files, as this has been noted in the past as being a requirement for some.

Does anyone know what I need to download to check this off? The manager dashboard is showing that our current Windows Definitions is still at the 18th, the day of the upgrade, whilst it knows the current version from Symantec.

Move Multiple SEP Client From Different SEPM

Hello,

I have a case with one of my customers. Below are the details:

  1. My customer has 2 separate SEPMs and wants them installed separately with the option “Install my first site” checked when configuring it the first time.
  2. On the first SEPM they have around 2000 users, and on the second SEPM they have 500 users.
  3. And now they want to move all 500 users from the second SEPM to the first site, reinstall the second site, and make it the replication partner of the first site after that.
  4. The option that I have for the move is using the Sylink.xml file that I generated from the first site.

My question is: is there any way to move multiple clients like that in one command, or is there a way to distribute sylink.xml to the client computers without doing it one by one?

Thanks

Ahmad
