Endpoint Protection

Dear Member,

This morning i've got one alert message on my notebook :

Symantec Tamper Protection Alert

Target C:\Program Files\Symantec\LiveUpdate\LuCallbackproxy.....

Event Info:...

Action Taken:logged

.....

.....

What does it mean?

Regards

WxB

Attachment(s)

Symantec Tamper Protection Alert.docx   41 KB 1 version

the image is not clear, however the exe process under system32 is trying to stop/modify luallcallbackproxy.exe, which is not normal.

Any process which tries to stop and modify symantec related process the tamper protection alert are observed.

Does it mean if this process (luallcallbackproxy.exe) make a risk for my NB?

no, lucallbackproxy is symantec related exe. The other exe in system32 for somereason is try to change the lucallbackproxy. Is the exe under system32 abnormal file? if not set tamper protection exception

Hello,

Symantec Blocks / Logs the Application when it find the Application to be suspicious.

C:\Windows\system32\taskhost.exe is a Suspicious file which is trying to stop the Symantec LuCallbackProxy.exe

Could you please Submit the Suspicious file to the Symantec Security Response Team on:

https://submit.symantec.com/websubmit/essential.cgi

OR / AND

http://www.threatexpert.com/submit.aspx

You can Later on create a Tamper Protection Exception as well for the same.

Hope that helps!!

Sorry if this is in the wrong place but Ive had this notification today after downloading Advanced System Care and need to know if its important.

SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Set Information Process
Action Taken:  Logged
Actor Process:  C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (PID 7368)
Time:  17 November 2011  17:46:08

Many thanks

Regarding to http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=taskhost.exe, there is a malware which uses a file with the same name, but at another location in filesystem. The file in %system% should be the right one - so that must be a false positive.

Contact support about this.

@Lisa123: ACSService.exe is from china and a known spy/info stealing application! Have a look at this: http://www.spywareinfoforum.com/index.php?showtopic=126267

Your Tamper Protection was right. Get rid of this software, it is not to be trusted!

Regards,

Marius

SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe

Event Info:  Set Information Process

Action Taken:  Logged

Actor Process:  C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (PID 884)

Time:  Wednesday, February 29, 2012  9:53:01 AM

This is what pops up almost everyday when using our email. What do I do to keep this from popping up!

Thanks

Vera

@KHCer,

It looks like Advanced SystemCare is attempting to tamper with Symantec. From their product page, it looks like the product has some security features. Running two security products on the same system can cause problems, and is not recommended.

Advanced SystemCare

Defends PC security with extra protection Enhanced

Detects and analyzes Windows security environment. Scans and removes spyware and adware using up-to-date definition files in order to prevent spyware, hackers and hijackers from installing malicious programs on your computer. Erases and updates your PC's activity histories.

As Thomas has mentioned, it is not advisable to have 2 security products on the same machine. And here ASC is trying to modify SEP. If ASC is important, you may have to create exclusions for tamper protection.

The below link might help.

http://www.symantec.com/docs/TECH92553