cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Symantec Tamper Protection Alert - beremote.exe problem

Union_2
Not applicable

‎05-11-2007 11:25 PM

I am receiving the following error all of a sudden:

Event Type: Error
Event Source: Symantec AntiVirus
Event Category: None
Event ID: 45
Date: 5/11/2007
Time: 10:22:52 PM
User: NT AUTHORITY\SYSTEM
Computer: BACKUP2
Description:

SYMANTEC TAMPER PROTECTION ALERT

Target: D:\Program Files\Symantec\Backup Exec\beremote.exe
Event Info: Suspend Thread
Action Taken: Blocked
Actor Process: C:\WINDOWS\System32\svchost.exe (PID 1356)
Time: Friday, May 11, 2007 10:22:52 PM

The only thing that has change on the server is we updated the virus definition on Symantec Client Security 10.1.5.5, other than that nothing has changed.

Our backups will not run anymore. They sit saying "stalled" after running for about 1 minute.

Any help will be much apreceated.

0 Kudos
3 REPLIES 3

SteveVRTS
Level 6
Employee

‎05-14-2007 07:35 AM

Do you know what build of Backup Exec 11d you are on?  Do a help->about in BE and check if you are at rev. 7170.  If you are still on the older build, I would suggest to upgrade.
Here is a link for you.

http://esdownload.symantec.com/akdlm/CD/MTV/BEWS_11D.7170_32BIT_VERSION.zip

0 Kudos

Redfire_05GT
Not applicable
Partner

‎07-24-2009 12:45 PM

Just inherited client who is running BEWS 11D 7170 SP4 and SAV 10.1.5.5000 Scan engine 81.3.0.13

Enabled AOFO for them using Microsoft Windows Server 2003 VSS and now BEREMOTE gets terminated by Tamper Protection:

Event Type: Error
Event Source: Symantec AntiVirus
Event Category: None
Event ID: 45
Date: 7/24/2009
Time: 1:16:13 AM
User: NT AUTHORITY\SYSTEM
Computer: WR-SERVER
Description:

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Backup Exec\beremote.exe
Event Info: Suspend Thread
Action Taken: Blocked
Actor Process: C:\WINDOWS\System32\svchost.exe (PID 2336)
Time: Friday, July 24, 2009 1:16:13 AM

Followed by:

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 7/24/2009
Time: 1:16:15 AM
User: N/A
Computer: WR-SERVER
Description:
Faulting application beremote.exe, version 11.0.7170.32, faulting module bedssql2.dll, version 11.0.7170.48, fault address 0x00035129.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Disable Tamper Protection is the only solution: http://seer.entsupport.symantec.com/docs/288444.htm

and no ability to exclude processes was ever made: service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005050310252848

Thank you Symantec for not fixing this problem!
0 Kudos

pnewell
Level 4

‎07-29-2009 07:18 AM

I too was getting these messages after I setup 12.5 on a new server (was running 11d on an old one).  It actually caused my backups to fail.

If I added the path of the BERAWS directory and "x:\Backup Exec AOFO Store" (hidden folder; where x:\ is potentially any drive letter or mount point for your servers) to the "Exclusions" list (under "Client Auto-Protect Options") of my servers' SAV group the tamper/termination problem went away.
Yes, I still have tamper protection enabled (Block).
0 Kudos