ソリューションが必要です
Recently, the client support techs started reporting that they were having trouble running JAVA installations/uninstallations due to Tamper Protection Alerts from SEP.
Given that we've been playing an extensive game of Whack-a-mole with Tamper Protection Alerts, I was unconcerned at first. However, these are different for several reasons.
- Tamper Protection is actually stopping the process of installation, upgrade, or removal of JAVA
- They are triggering from the specific user's temp folder
- The alerts are triggered by pseudo-randomly named files that are created by the installer during the process.
I tried to create an exception for all files that start with MSI* in a specific folder, but was unable to. I also tried to except the entire temp folder (as a test, I wouldn't leave it that way) and was unable to create that exception either.
This is an example of an Alert:
Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
Event Info: Open Process
ActionTaken: Blocked
Actor Process: C:\USERS\<name>\APPDATA\LOCAL\TEMP\MSI51de.msi
Time: Monday, April 01, 2013 1:47:16 PM
Any ideas?