Hi Everyone
Our SCCM client has been upgraded from SCCM 2007 to 2012.
Now, when the PC is rebooted, we are getting this in the event logs on all the workstations.
------------------
Scan type: Tamper Protection Scan
Event: Tamper Protection Detection
Security risk detected: C:\WINDOWS\CCM\CCMEXEC.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\DWHWizrd.exe
Location: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin
Computer: computername
User: SYSTEM
Action taken: Leave Alone
Date found: Thursday, 22 October 2015 7:17:47 AM
--------------------
Sometimes, this comes up with a different filename:
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
If I restart the SCCM client service (ccmexec), this event gets logged straight away.
Does anyone know why this is happening? False positive?
Could CCMEXEC be doing its own kind of scan when starting up, that is upsetting SEP?
Any workaround?
Thanks,
DM