Endpoint Protection

We have upgraded to SEP 12.1 RU1, and it seems that the file ADOBEARM.EXE is now causing lots of grief with SEP 12 (we were running SEP 11, and it was fine then). We have added a tamper protection exception for %[PROGRAM_FILES_COMMON]%\ADOBE\ARM\1.0\ADOBEARM.EXE, but alerts still pop up. Does Symantec eventually add safe files to definition updates so that this will stop? I'm not sure what we're missing to stop this from happening after having added the tamper exception.

whats the alert message?

is it tamper protection alert or sonar?

if it is added under exception, has client received the policy?

It is tamper protection. I believe that the client received the policy. I will watch for it to happen again and verify that it did get the updated policy.

What do we do?

Okay. 

ccSVCHost is the generic process .EXE that runs all the Symantec services.  Kind of like SVCHost.exe but
symantec's version.

AdobeARM is Adobe's download manager.  It is now a service that constantly checks for updates to, amongst other things, Flash, Reader, etc.

* * * * * *

This document describes hot to add the detected process:

http://www.symantec.com/business/support/index?page=content&id=TECH176906

Hi ,

Please add the .exe to application Exeception .

Exceptions>Windows Exceptions>Application

The popup will not show up .

Thumb up Pete. Add it in Exception and then check.

Please have a look at this work-around

http://www.symantec.com/docs/TECH185720