Endpoint Protection

 View Only

  • 1.  EMC NaviAgent.exe - Tamper Protection Alert

    Posted Oct 17, 2011 02:54 AM

    Dear Community,

    On a DELL server, we get a tamper protection alert:

    XXXX104,"SYSTEM","Logged","Process","Open","C:\PROGRAM FILES\EMC\NAVISPHERE AGENT\NAVIAGENT.EXE (PID 1760)","C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (PID 5596)","C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (PID 5596)","4.10.2011 0:08:54"

    As I guess, that the EMC Naviagent.exe is NOT a "bad" programm, what is the solution for this?

     

    Best regards,
    Lukas Hubschmid



  • 2.  RE: EMC NaviAgent.exe - Tamper Protection Alert
    Best Answer

    Posted Oct 17, 2011 03:13 AM

    Create exclusion for Naviagent

    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/c291bf8d5d97b5f68025736200576f9d?OpenDocument

     

    Tamper Protection protects SEP's files from being Tampered and Naviagent for some reason is accessing ccSvcHst.exe so this is triggered.



  • 3.  RE: EMC NaviAgent.exe - Tamper Protection Alert

    Broadcom Employee
    Posted Oct 17, 2011 03:14 AM

    Create a tamper protection exception

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55213



  • 4.  RE: EMC NaviAgent.exe - Tamper Protection Alert

    Posted Oct 17, 2011 07:47 AM

    Okay, thank you two!

    I created the exception and now there are no more tamper protection alerts triggered.

    BR & Thanks

    Lukas Hubschmid