![]() ![]() For information on how to submit a file to Security Response this please read How to Use the Web Submission Process. If you suspect the Actor Process could be a potential threat to your environment, you should submit the suspicious process to Symantec Security Response for analysis.In SEP you can set the action to "log the event only." See Tamper Protection. Alternatively, you can also change the actions taken on the event. Select the tab Tamper protection and check the check box protect Symantec security software from being tampered with or shutdown. For more information, please read Creating a Tamper Protection exception on Windows clients. If you are using Symantec Endpoint Protection (SEP) you might want to consider adding a Tamper Protection exclusion. If the Actor Process is a legitimate process:.Next consider if the Actor Process is a valid process or could it be suspicious?.The Action Taken is the action that Tamper Protection performed to respond to the attack. ![]() The Actor Process is process that is doing the attacking. The Target is the process which is being attacked. ![]() In the alert you should firstly identify the Target, the Actor Process and the Action Taken.Tamper Protection events may be caused by malware or may be caused by legitimate software which tries to access files and registry keys used by SEP. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |