Access official resources from Carbon Black experts
The following Tamper Protection events are showing in the Bit9 console:
"Bit9 Agent blocked an attempt to create 'c:\programdata\bit9\parity agent' by 'NT AUTHORITY\SYSTEM' because of tamper protection"
The events are coming from machines that have trusted directories.
The process causing those Tamper Protection event is coming from: c:\programdata\bit9\parity agent\crawl\b9temp\...
Those events are a side effect of the crawl activity on files placed in Trusted Directories
Those are false positive Tamper Protection messages that can be ignored.
This will be fixed in version 8.0.0.
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.