The newly updated Symantec Protection Suite Small Business Edition 4.0 contains Symantec Endpoint Protection 12.1.  As part of that offering, there is a module called “Tamper Protection,” which is designed to prevent any form of malware from adversely affecting the operation of the Symantec Software.

As a managed service provider, I am using a third-party software product to monitor and maintain the health of my clients’ servers and workstations.  The software takes an inventory of a variety of things and reports back to the data center on a regular basis.  I get to view the results on my web-based portal.

Somehow, and quite unfortunately, Symantec Endpoint Protection thinks each of these activities is a threat to its existence, and the default setting for Tamper Protection is to block any offending program.  When it does, it places an entry in the Windows Event log.

Windows EventID 45

Windows EventID 45

Of course, my MSP software is designed to keep trying to get its information back to the data center – so the Event log just fills up with EventID 45 records as it struggles against Symantec Endpoint Protection.

There has to be some way of preventing this.
Read More →