Page 1 of 1

symantec warnings

PostPosted: 11. February 2013 12:29
by melanie
I have recently installed XAMPP for Windows, version 1.8.1, with control panel version, and it is working pretty well, but I get warnings from Symantec that look like this:


Target: C:\Program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971
Event Info: Create Process
Action Taken: Logged
Actor Process: C:\XAMPP\XAMPP-CONTROL.EXE (PID 3464)
Time: etc.

I went into Change Settings -> Exceptions -> Configure Settings, and put the following into the list of User-defined Exceptions:
C:\xampp\xampp-control.exe All Scans Ignore
C:\xampp\xampp-start.exe All Scans Ignore

to no avail.

Any suggestions?

Re: symantec warnings

PostPosted: 11. February 2013 16:50
by JonB
I don't use Symantec - BUT

It wouldn't be a 'scan' option, those are for pattern recognition of files on disk. It would be some kind 'firewall'/'live' protection. Symantec is complaining that XAMPP's Control Panel seems to be launching other processes (like malware might) that would interfere with Symantec. Its a behavior issue. I also do not understand why XAMPP would trigger that, maybe its a Port 80 issue. ... 6200576f9d

You might want to contact Symantec or use their support forums.

Good Luck

Re: symantec warnings

PostPosted: 13. February 2013 19:21
by chetan_savade

I am Chetan Savade from Symantec Technical Support team.

Following are the two fixes in SEP 12.1 RU1 MP1 version.
Tamper Protection exceptions are not honored (
Fix ID: 2580578
Symptom: Tamper Protection exceptions are not honored. An excluded process will trigger tamper protection.
Solution: The SEP client was sending a delta of the exclusion list to the BASH component. The client was modified to send the complete list to resolve this issue.

Folder/file exclusions in SEPM will not accept the ampersand (&) character
Fix ID: 2564781
Symptom: The ampersand (&) character is a valid file/folder-name character on both Windows and Macintosh. Folder/file exclusions in SEPM do not accept the ampersand (&) character.
Solution: SEPM was modified to allow the ampersand (&) character in file/folder exclusions.

Reference: ... TECH187656

SEP 12.1.671.4971 is old version & was released in 2011.

By looking at above two fix id's I would also suggest to upgrade to the latest SEP version i.e. SEP 12.1 RU2 (12.1.2015.2015)

Tamper protection related articles:
Creating a Tamper Protection exception:
How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

Thanks and Regards,
Chetan Savade
Technical Support Engineer,
End Point Security
Enterprise Technical Support
Symantec Corporation

Re: symantec warnings

PostPosted: 19. February 2013 14:15
by melanie
Problem solved, but in a strange way, so I will post it here in case this helps others.

I asked my university for help in upgrading my symantec, and they sent me a link to their current symantec download. They claimed it would be the version Chetan recommended. I uninstalled Symantec and re-installed with the new download. I got exactly the same version, judging by the version number.

However, I stopped getting the warnings, even without defining an exception.

My working hypothesis is that I could have avoided the whole mess if I had turned off symantec temporarily before installing xampp.

Re: symantec warnings

PostPosted: 20. February 2013 17:32
by JonB

A: I'm glad its working

B: I agree with your analysis

Good Luck with XAMPP