After configuring a Tamper Protection exception in the Symantec Endpoint Protection 12.1 console, the excluded application is still generating Tamper Protection alerts on the SEP clients.
Tamper Protection exclusions in SEP 12.1 do not take effect until the excluded executable is restarted. Processes started before (and still running after) the SEP client received the policy containing the exception will not be excluded.
Close and re-open the excluded application, or reboot the machine if the excluded executable is a service or other constantly running process.
If a reboot of the machine still does not allow the exclusion to take effect, please see article: TECH171057
Imported Document ID: TECH178526
Subscribing will provide email updates when this Article is updated. Login is required.