Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

App Control Server: All Supported Versions
App Control Agent: All Supported Versions
Third Party Security/Antivirus Product

Symptoms

Agent or Server Exclusions have been added to third party product.
Agent or Server still generating Tamper Protection Events.

Cause

There are a few potential causes in this situation:

The exclusions in the third party product are incomplete.
The endpoint has not yet received the exclusions in the third party product.
The third party product is not honoring the exclusions.

Resolution

Verify which third party product is triggering Tamper Protection.
Verify the third party product is not missing an Agent (Linux, macOS, Windows) or Server Exclusion.
Contact the third party vendor to determine why the exclusions are not being honored.

Additional Notes

Tamper Protection is designed to protect the Agent or Server from unauthorized modification.
Allowing processes to interfere with the operation of the Agent or Server could cause stability or security issues.

Related Content

App Control: Determine What Process is Triggering Tamper Protection
App Control: Antivirus Exclusions for Server
App Control: Anti-Virus Exclusions for Agent (Linux)
App Control: Anti-Virus Exclusions for Agent (macOS)
App Control: Anti-Virus Exclusions for Agent (Windows)

Article Information

Author:

Creation Date:

‎11-16-2023

Views:

250

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.