Environment
- App Control Agent: All Supported Versions
- App Control Console: All Supported Versions
Symptoms
Events in the Console similar to:
Agent tampering prevented (DOMAIN\PCNAME). Modification of 'c:\programdata\bit9\parity agent\cache.chk-journal' by 'NT AUTHORITY\SYSTEM' was blocked because of tamper protection.
Cause
An application is attempting to scan or modify one or more files/folders that the Agent relies upon. The Agent uses Tamper Protection to protect against unauthorized modification of these files.
Resolution
Determine what process is triggering these Events and add the necessary exclusions to that product:
- Log in to the Console and navigate to Reports > Events:
- Click Show Filters > Subtype > is: Tamper Protection > Apply.
- Click Show Columns > Process > Apply.
- Adjust the Max Age accordingly.
- Add the Agent Exclusions to the product(s) that are triggering Tamper Protection.
Additional Notes
Failure to add Agent Exclusions could lead to Unanalyzed Blocks or other instability issues.
Related Content