Access official resources from Carbon Black experts
The following Tamper Protection events are showing in the Bit9 console:
"Bit9 Agent blocked an attempt to create 'c:\programdata\bit9\parity agent' by 'NT AUTHORITY\SYSTEM' because of tamper protection"
The events are coming from machines that have trusted directories.
The process causing those Tamper Protection event is coming from: c:\programdata\bit9\parity agent\crawl\b9temp\...
Those events are a side effect of the crawl activity on files placed in Trusted Directories
Those are false positive Tamper Protection messages that can be ignored.
This will be fixed in version 8.0.0.