How to collect the Tamper Protection log from Symantec Endpoint Protection Manager in Symantec Endpoint Protection

Article ID: 155991

Products

Endpoint Protection

Issue/Introduction

You want to see which processes are generating Tamper Protection events across the network in Symantec Endpoint Protection. What steps are needed to collect the SEP Tamper Protection log from the Symantec Endpoint Protection Manager (SEPM)?

Resolution

Steps to collect the Tamper Protection log (applications being blocked) from SEPM 14.x:

1) Select the "Monitors" tab
2) Select Log Type as "Application and Device Control"
3) Select Log Content as "Application Control"
4) Select Advanced Settings
5) Select Event Type as "Tamper Protection"
6) Select Action as "All", "Allow", "Block", "Ask", "Continue", or "Terminate"

Optional: Set Group to * for all groups (the default), or select a specific group. The same applies to Site, Domain, Server, Computer, and IP address.

7) Select "View log"

Refer to the screenshot below.