Forum Discussion

sysad's avatar
sysad
Level 3
17 years ago

DLO & Tamper protection

With DLO 12 in Pilot testing we've discovered that Symantec AntiVirus Tamper protection is causing this error in event logs:
 
 
SYMANTEC TAMPER PROTECTION ALERT
Target:  C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe
Event Info:  Write Memory
Action Taken:  Blocked
Actor Process:  C:\WINDOWS\System32\svchost.exe (PID 348)
 
What do we do? Can't find a way to specify certain files or folders in AntiVirus where I can mark as safe for tamper protection
12.x and Earlier
Backup and Recovery
Backup Exec

4 Replies

Sort By
  • tsr's avatar
    tsr
    17 years ago
    I've spotted the same error on a Windows XP client using DLO 11d and SAV 10. The error occurs multiple times during system start up and shut down. The actor process in question is svchost.exe -k netsvcs.
     
    It doesn't seems to be causing any issues as the SAV start up scan completes successfully and doesn't report any issues and the users files are being backed up successfully. However, it would be nice to know why this is happening and how to stop the errors being generated.
     
    Anyone got any ideas?
  • fedgeek's avatar
    fedgeek
    Level 2
    17 years ago
    I have exactly the same problem on several systems.
    shows up as event 45.  the bad thing is that were we to have a real tamper event, it is masked by the clutter of the DLO interaction events.
  • Jay_Carnes's avatar
    Jay_Carnes
    Level 3
    17 years ago
    I also had this problem... I spoke with a Symantec rep, and he suggested that I add the DLO folder to the SAV exception list. After this, everything appears to work fine.
  • Jay_Carnes's avatar
    Jay_Carnes
    Level 3
    17 years ago

    I actually have to tkae that back.... after adding the exception, I find that I am getting another error: 

     

    This time it flags C:\Windows\System32\svchost.exe  (Probably checking for updates) 

     

    Does anyone at Symantec test their software before they release it?