Tamper Protection provides real-time protection for Symantec applications that run on servers and clients. It prevents non-Symantec processes such as worms, Trojan horses, viruses, and security risks, from affecting Symantec resources. You can configure the software to block or log attempts to modify Symantec resources.
Tamper Protection runs on Windows clients only. It does not run on Mac or Linux clients.
By default, Tamper Protection is enabled and is set to Block and do not log. You can change the setting to Log only or Block and log if you want to monitor the detections for false positives. Tamper Protection can generate many log messages, so you might not want to log the events.
If you use any third-party security risk scanners that detect and defend against unwanted adware and spyware, these scanners typically affect Symantec resources. If you set Tamper Protection to log tamper events when you run such a scanner, Tamper Protection generates a large number of log entries. If you decide to log Tamper Protection events, use log filtering to manage the number of events.
You can create exceptions for the applications that Tamper Protection detects.