
Tamper protection events from an executable that is under parity's own directories


Version

All

 

Issue

The following Tamper Protection events are showing in the Bit9 console:

"Bit9 Agent blocked an attempt to create 'c:\programdata\bit9\parity agent' by 'NT AUTHORITY\SYSTEM' because of tamper protection"

 

Symptoms

The events are coming from machines that have trusted directories.

The process causing those Tamper Protection events runs from: c:\programdata\bit9\parity agent\crawl\b9temp\...

For example:

c:\programdata\bit9\parity agent\crawl\b9temp\123\myInstall.exe

 

Cause

Those events are a side effect of the crawl activity on files placed in Trusted Directories.

 

Solution

Those are false positive Tamper Protection messages that can be ignored.

This will be fixed in version 8.0.0.
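If these events are filtered out of alerting rather than skipped by eye, the filter should match only the pattern described above, so that other Tamper Protection events still reach a reviewer. The following is an added example, not Bit9 code or console output: the record keys `message` and `process` and the sample records are assumptions made for illustration.

```python
import ntpath
import re

AGENT_DIR = r"c:\programdata\bit9\parity agent"
CRAWL_TEMP = AGENT_DIR + r"\crawl\b9temp"

# Message layout taken from the event text quoted in the article.
MESSAGE_RE = re.compile(
    r"blocked an attempt to \w+ '(?P<target>[^']+)' "
    r"by '[^']+' because of tamper protection",
    re.IGNORECASE,
)

def norm(path):
    # Collapse "..", "/" and case so a lookalike path cannot pass the check.
    return ntpath.normcase(ntpath.normpath(path))

def classify(event):
    """Return 'known-false-positive' or 'review' for one event record.

    `event` is a dict with assumed keys 'message' and 'process'.
    """
    m = MESSAGE_RE.search(event.get("message", ""))
    if not m:
        return "review"
    target_ok = norm(m["target"]) == norm(AGENT_DIR)
    # Require a full path component boundary: b9temp\..., not b9temp2\...
    process_ok = norm(event.get("process", "")).startswith(norm(CRAWL_TEMP) + "\\")
    return "known-false-positive" if target_ok and process_ok else "review"

MSG = (r"Bit9 Agent blocked an attempt to create 'c:\programdata\bit9\parity agent' "
       r"by 'NT AUTHORITY\SYSTEM' because of tamper protection")

# Constructed sample records; only the first matches the article's pattern.
SAMPLE_EVENTS = [
    {"message": MSG, "process": r"c:\programdata\bit9\parity agent\crawl\b9temp\123\myInstall.exe"},
    {"message": MSG, "process": r"C:\Users\Public\setup.exe"},
    {"message": MSG, "process": r"c:\programdata\bit9\parity agent\crawl\b9temp2\setup.exe"},
    {"message": MSG, "process": r"c:\programdata\bit9\parity agent\crawl\b9temp\..\..\setup.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev), ev["process"])
```

Anything classified as `review` is left in the normal Tamper Protection workflow.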

Creation Date: 08-25-2015