Understanding the concept
Tamper protection is one of the security feature of Symantec which will protect the Symantec services from being
play around with or alter or falsify, usually secretively or dishonestly by another process. Once it is enabled other process is cannot edit the features of Symantec. It can be activated either for a group of computers or a single computer.
To protect for a group of users
1.In the console, click 'Clients' tab and then 'select the group' that you want to enable tamper protection.
2.On the 'Policies' tab, under 'Settings', click 'General Settings'.
3. On the 'Tamper Protection' tab, check or uncheck 'Protect Symantec security software from being tampered with or shut down'.
4. In the list box under Actions to take if an application attempts to tamper with or shut down Symantec security software, select one of the following options:
•Block it and log the event
•Log the event only
5. Check or uncheck 'Display a notification message when tampering is detected'.
6. Click the lock icon next to options that you do not want users to change.
7. Click OK.
To enable Tamper protection from client SEP
- Open SEP clients-> select 'Change settings'
- Now locate 'client management' and click on 'Configure settings'.
- Select the tab 'Tamper protection' and check the check box 'protect Symantec security software from being tampered with or shutdown'.
- Select the action that what need to do. Use 'Block and log' when you want to stop tamper activity and you need to see that logs as well.
- Click 'OK' and close the window.