The Windows Application event log shows a "Tamper Protection Alert" with Event ID 45.
The target is "luall.exe" and the actor process is "SAVFMSELive.exe".
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
Event Info: Terminate Process
Action Taken: Logged
Actor Process: C:\Program Files\Symantec\SMSMSE\6.5\Server\SAVFMSELive.exe (PID 8252)
Time: Day, Date Time
Symantec Mail Security for Microsoft Exchange (SMSMSE) is accessing LiveUpdate, and the Symantec Endpoint Protection (SEP) client recognizes the process.
To prevent these messages, SEP's Tamper Protection can now be configured with exclusions. More precisely, processes can be excluded from Tamper Protection through the new Centralized Exceptions feature.
Open Symantec Endpoint Protection Manager / Symantec Protection Center.
In the SEPM/SPC, choose the Policies section in the left pane.
Open an existing "Centralized exception policy" or create a new policy.
Choose "Centralized Exceptions" and go to "Add" > "Tamper Protection Exception".
Specify the path (prefix) and the full path to the file.
Click "OK" and close the policy.
Under "Tasks" assign the policy to the specific group(s).
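Before creating the exception, it is worth confirming that every Event ID 45 alert really comes from the expected actor process. The following is an added example, not Symantec's code: it parses alert messages in the format shown above (exported from the Application log as text) and lists any alert whose actor is not SAVFMSELive.exe. The function names and the second sample message are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Field labels as they appear in the alert text shown on this page.
FIELD_RE = re.compile(r"^(Target|Event Info|Action Taken|Actor Process|Time):\s*(.*)$")
ACTOR_RE = re.compile(r"^(?P<path>.*?)\s*\(PID\s+(?P<pid>\d+)\)\s*$")
EXPECTED_ACTOR = r"C:\Program Files\Symantec\SMSMSE\6.5\Server\SAVFMSELive.exe"

def parse_alert(message):
    """Parse one Tamper Protection alert message into a dict, or None."""
    if "TAMPER PROTECTION ALERT" not in message.upper():
        return None
    fields = {}
    for line in message.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    actor = ACTOR_RE.match(fields.get("Actor Process", ""))
    if actor:  # split "path (PID n)" into separate fields
        fields["Actor Process"] = actor.group("path")
        fields["PID"] = int(actor.group("pid"))
    return fields

def summarize(messages, expected_actor=EXPECTED_ACTOR):
    """Count (actor, target, event) triples and collect alerts from other actors."""
    counts, unexpected = Counter(), []
    for msg in messages:
        alert = parse_alert(msg)
        if not alert:
            continue
        actor = alert.get("Actor Process", "")
        key = (actor.lower(), alert.get("Target", "").lower(), alert.get("Event Info", ""))
        counts[key] += 1
        # Windows paths are case-insensitive, so compare lower-cased.
        if actor.lower() != expected_actor.lower():
            unexpected.append(alert)
    return counts, unexpected

# Constructed sample input: ALERT copies the alert on this page; the second
# message swaps in a made-up actor file name and PID to show the mismatch case.
ALERT = r"""SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
Event Info: Terminate Process
Action Taken: Logged
Actor Process: C:\Program Files\Symantec\SMSMSE\6.5\Server\SAVFMSELive.exe (PID 8252)
Time: Day, Date Time"""
SAMPLE = [ALERT, ALERT.replace("SAVFMSELive.exe (PID 8252)", "other.exe (PID 4242)")]
```

An empty `unexpected` list means the exception only needs to cover the SMSMSE actor; any other entry should be investigated before a policy change.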
Imported Document ID: TECH164007