Version
All
Issue
The following Tamper Protection events are showing in the Bit9 console:
"Bit9 Agent blocked an attempt to create 'c:\programdata\bit9\parity agent' by 'NT AUTHORITY\SYSTEM' because of tamper protection"
Symptoms
The events are coming from machines that have trusted directories.
The process causing those Tamper Protection events runs from: c:\programdata\bit9\parity agent\crawl\b9temp\...
For example:
c:\programdata\bit9\parity agent\crawl\b9temp\123\myInstall.exe
Cause
These events are a side effect of the crawl activity on files placed in Trusted Directories.
Solution
These are false-positive Tamper Protection messages and can be ignored.
This will be fixed in version 8.0.0.
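
To ignore only the events that match this pattern and keep every other Tamper Protection event for review, a triage filter can check all of the conditions above together. This is an added example, not Bit9 code: the event field names (host, process, description), the sample events and the list of machines with trusted directories are assumptions, and only the paths and message wording come from this article.

```python
import ntpath
import re

# Paths and message wording come from the article; field names are assumed.
AGENT_DIR = r"c:\programdata\bit9\parity agent"
CRAWL_TEMP = AGENT_DIR + r"\crawl\b9temp"
EVENT_RE = re.compile(
    r"blocked an attempt to \w+ '(?P<target>[^']+)' by '(?P<user>[^']+)' "
    r"because of tamper protection", re.IGNORECASE)

def norm(path):
    # Collapse ".." and case so a path cannot merely look like the crawl prefix.
    return ntpath.normcase(ntpath.normpath(path))

def is_crawl_side_effect(event, trusted_dir_hosts):
    """True only when every condition the article describes holds."""
    m = EVENT_RE.search(event["description"])
    if m is None:
        return False
    return (event["host"].lower() in trusted_dir_hosts
            and m["user"].upper() == r"NT AUTHORITY\SYSTEM"
            and norm(m["target"]) == norm(AGENT_DIR)
            and norm(event["process"]).startswith(norm(CRAWL_TEMP) + "\\"))

def needs_review(events, trusted_dir_hosts):
    """Return the tamper events that do not match the known pattern."""
    return [e for e in events if not is_crawl_side_effect(e, trusted_dir_hosts)]

# Constructed sample events (not real console output).
DESC = (r"Bit9 Agent blocked an attempt to create "
        r"'c:\programdata\bit9\parity agent' by 'NT AUTHORITY\SYSTEM' "
        r"because of tamper protection")
SAMPLE = [
    {"host": "WS-01", "description": DESC,
     "process": r"c:\programdata\bit9\parity agent\crawl\b9temp\123\myInstall.exe"},
    {"host": "WS-01", "description": DESC,
     "process": r"C:\ProgramData\Bit9\Parity Agent\crawl\b9temp\..\..\tool.exe"},
    {"host": "WS-02", "description": DESC,
     "process": r"c:\programdata\bit9\parity agent\crawl\b9temp\7\setup.exe"},
    {"host": "WS-01", "description": DESC,
     "process": r"c:\users\public\tool.exe"},
]
TRUSTED_DIR_HOSTS = {"ws-01"}  # machines with trusted directories (assumed list)

if __name__ == "__main__":
    for e in needs_review(SAMPLE, TRUSTED_DIR_HOSTS):
        print("review:", e["host"], e["process"])
```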