Endpoint Protection

  • 1.  SEP 12.1 tamper protection alert fills up event log

    Posted May 10, 2012 12:31 PM

    We are running SEP version 12.1.671.4971 and the event log is getting filled up with Symantec Tamper Protection Alerts. The exact details are below. Is there a way to exclude this alert on the client side? Why do we get these alerts in the first place? Thanks!

    Event

    Date: 5/9/2012         Source: Symantec Antivirus

    Time: 12:59:17 PM   Category: None

    Type: Error               EventID: 45

    User: NT Authority\System

    Computer: xxx-xxx-xxxx

    Description:

    Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe

    Event Info: Open Process

    ActionTaken: Logged

    Actor Process: C:\Program Files\NETSUPPORT MANAGER\CLIENT32.exe (PID 232)

    Time: Wednesday, May 09, 2012 12:59:17 PM



  • 2.  RE: SEP 12.1 tamper protection alert fills up event log

    Trusted Advisor
    Posted May 10, 2012 12:47 PM

    Hello,

    Is this a Citrix server / Terminal Server?

    Check these Articles: 

    Symantec Endpoint Protection 12.1 triggers Tamper Protection on Citrix server

    http://www.symantec.com/docs/TECH163672

    Tamper Protection alerts are triggered on Citrix servers running Symantec Endpoint Protection 12.1.

    http://www.symantec.com/docs/TECH162566

    Steps:

    1 Logon to the server you wish to configure with an administrator account 
    2 Click Start, Run and type “regedit” then click OK 
    3 Browse to HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC 
    4 Find the entry LaunchSmcGui and change it from DWORD 1 to DWORD 0 

    Reference: Best Practices for Symantec Endpoint Protection on Citrix and Terminal Servers

    http://www.symantec.com/docs/TECH91070

    Secondly, on a kind note, you are carrying the RTM version of SEP 12.1; please migrate to the latest version of SEP 12.1 RU1 and then to SEP RU1 MP1.
     
    Hope that helps!!


  • 3.  RE: SEP 12.1 tamper protection alert fills up event log
    Best Answer

    Posted May 10, 2012 12:59 PM

    Create a Tamper Protection exception for C:\Program Files\NETSUPPORT MANAGER\CLIENT32.exe.

    The KB below can help you with this:

    Creating a Tamper Protection exception



  • 4.  RE: SEP 12.1 tamper protection alert fills up event log

    Posted May 10, 2012 01:38 PM

    It's not a Citrix or a terminal server. Anyway thanks a lot for the quick reply.



  • 5.  RE: SEP 12.1 tamper protection alert fills up event log

    Posted May 10, 2012 01:40 PM

    I am checking with my customer if this is a safe application or not. If it is a safe app, then we'll add it to the exception list. Thanks!
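
Added example, not part of the thread and not Symantec tooling: before deciding on a Tamper Protection exception, it helps to see which actor executables generate the alerts and how often. This Python script parses event description text in the layout quoted in the first post and groups the alerts by actor path; the function names, the second actor path, the extra PIDs and the later times are constructed for illustration.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"^\s*(Target|Event Info|ActionTaken|Actor Process|Time):\s*(.*\S)\s*$")
ACTOR = re.compile(r"^(.+?)\s*\(PID (\d+)\)$")

def parse_alerts(text):
    """Return one dict per alert found in exported event description text."""
    alerts, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue                        # blank lines, Type:, User:, Computer: ...
        key, value = m.groups()
        if key == "Target":                 # a Target line opens a new alert
            current = {}
            alerts.append(current)
        if current is not None:             # a header "Time:" before any Target is skipped
            current.setdefault(key, value)  # first value wins, so the next header Time is ignored
    return alerts

def by_actor(alerts):
    """Group alerts by actor executable, case-insensitively and without the PID."""
    groups = defaultdict(lambda: {"count": 0, "pids": set(), "targets": set()})
    for a in alerts:
        raw = a.get("Actor Process", "unknown")
        m = ACTOR.match(raw)
        path, pid = (m.group(1), int(m.group(2))) if m else (raw, None)
        g = groups[path.lower()]            # Windows paths compare case-insensitively
        g["count"] += 1
        g["targets"].add(a.get("Target", "unknown"))
        if pid is not None:
            g["pids"].add(pid)
    return dict(groups)

# Constructed sample events; only the first actor, PID 232 and its time come from the thread.
SEP = r"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe"
def _alert(actor, pid, when):
    return (f"Time: 12:00:00 PM   Category: None\nDescription:\n\nTarget: {SEP}\n\n"
            f"Event Info: Open Process\n\nActionTaken: Logged\n\n"
            f"Actor Process: {actor} (PID {pid})\n\nTime: {when}\n\n")
SAMPLE = (_alert(r"C:\Program Files\NETSUPPORT MANAGER\CLIENT32.exe", 232, "Wednesday, May 09, 2012 12:59:17 PM")
          + _alert(r"C:\Program Files\NetSupport Manager\client32.exe", 4012, "Wednesday, May 09, 2012 01:04:41 PM")
          + _alert(r"C:\Tools\example-agent.exe", 880, "Wednesday, May 09, 2012 01:10:02 PM"))

if __name__ == "__main__":
    for actor, g in sorted(by_actor(parse_alerts(SAMPLE)).items(), key=lambda kv: -kv[1]["count"]):
        print(f'{g["count"]:>3}  {actor}  pids={sorted(g["pids"])}  targets={len(g["targets"])}')
```

An actor that appears under many PIDs from one path is a recurring process rather than a one-off, which is the case an exception is meant for once the executable has been confirmed as trusted.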