Let's do a quick review of this "conflict":
Symantec Resource Protection logs multiple entries indicating that Defender
is accessing some of the Symantec files.
The Defender Real-time module that performs this access appears to be the
Application Execution agent, which per WD Help; "Monitors when programs start
and any operations they perform while running."
Since the Defender AE agent would likely perform at least an md5 check to
determine if the Symantec executables are malware, this is also likely to
trigger the Symantec Resource Protection to indicate an "Unauthorized
access", which is really nothing more than a read of the file. Obviously this
is an over-reaction, but this is what the Symantec Resource Protection is
designed to do, since it didn't 'authorize' Defender's access.
At this point it appears that the result is nothing more than log entries of
these file access attempts that Symantec Resource Protection blocks and
indicates as "Unauthorized access", which sounds far more threatening than it
really is.
Since it's the Symantec Resource Protection that's deciding that Defender is
'attacking' and Defender itself seems to experience no ill effects, even due
to the block caused by Symantec Resource Protection, there doesn't appear to
be a real problem, and if there is, it's the logging of the entries by
Symantec Resource Protection.
Conclusion: Contact Symantec Support and ask them to stop detecting the
Defender file reads as an Unauthorized access, or disable the Defender
Application Execution agent (which protects from far more important things
than SRP), or disable the Symantec Resource Protection, or better yet, simply
ignore this useless false positive detection by Symantec Resource Protection.
Moral: AntiMalware that watches itself is like watching yourself twiddle
your thumbs, while your house is burning down around you.
Bitman
"mec" wrote:
> A solution could be to be able to choose some exclusions (in this case for
> the Symantec applications), defined by the user, for the "Application
> Execution" module.
>
> "joris" wrote:
>
> > in a quick test this seems to be working for me also , only downside this way
> > you are lowering the defense of defenders real-time protection....
> >
> > one thing is for sure the new engine 1440.0 is not helping to resolve the
> > problem so i think it is a difficult problem....
> >
> >
> > "mec" wrote:
> >
> > > I have made some attempts:
> > > If in Windows Defender, under Tools/Options/Real-time Protection Options, it
> > >
> > > is unchecked the "Application Execution" module (only), nothing appears
> > > anymore in the Log of "Symantec resource protector".
> > >
> > > It would seem clear, therefore, that the conflict is caused only by the
> > > "Application Execution" module of the Real time protection.
> > > I hope that this a little bit helps the developers for resolving the ISSUE!
|
Similar Threads
