Tamper protection events from an executable that is under parity's own directories

Tamper protection events from an executable that is under parity's own directories

Version

All

 

Issue

The following Tamper Protection events are showing in the Bit9 console:

"Bit9 Agent blocked an attempt to create 'c:\programdata\bit9\parity agent' by 'NT AUTHORITY\SYSTEM' because of tamper protection"

 

Symptoms

The events are coming from machines that have trusted directories.

 

The process causing those Tamper Protection event is coming from: c:\programdata\bit9\parity agent\crawl\b9temp\...

 

For example:

c:\programdata\bit9\parity agent\crawl\b9temp\123\myInstall.exe

 

Cause

Those events are a side effect of the crawl activity on files placed in Trusted Directories

 

Solution

Those are false positive Tamper Protection messages that can be ignored.

This will be fixed in version 8.0.0.

Labels (1)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎08-25-2015
Views:
812
Contributors