• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Tamper Protection More Hindrance Than Help?

Is Tamper Protection really worth leaving enabled?

I have to question whether it is more of a nuisance than a help after an incident that occured today.

My system froze due to what was clearly a non-malware related issue.  So I had to do a hard shutdown.  When the system rebooted I got some ominous error about how XP could not make an image of my registry and could not restore something-or-other.  My desktop (including icons) and appearance settings were all back to how they looked the first day I had the pc. It appeared my programs were now on the (re-formatted) start menu, although I did not test them.

The NIS icon was gone -- maybe a good thing, as you'll see.  I rebooted into Safe Mode and did a System Restore.  This brought things back to nearly normal, with the major exception that the NIS icon was gone, even though ccSvcHst was running (with a CPU of zero) and the NIS service (I still have 17.1.0.19) was shown as running in services.  I could NOT get the icon back by starting NIS 2010 from the Start Menu.  To see if NIS was REALLY functioning even though the interface was gone, I briefly went back online and downloaded the simplest version of the eicar test virus, and a context-menu scan of it (for some reason that option was still there) indicated no problem.  So clearly NIS was hosed.

So I tried to do another System Restore to a day earlier, and this time I got the "can't restore" message that Tamper Proection causes unless temporarily disabled.  But I couldn't disable Tamper Protection because, as I said, I couldn't get the settings interface to come up.  So I have to assume that somehow Tamper Protection was still active and that that's why all my further System Restore attempts came up as "can't restore."  Nice little catch-22 there.  So I had to reinstall NIS.

So is it worth having Tamper Protection enabled if it can keep you from doing a System Restore after a non-malware-related crash that hoses much of NIS -- but apparently leaves Tamper Protection running and non-dsable-able?

On a related note:  Does Tamper Protection function in Safe Mode?  If not, maybe that is why I was able to do that first restore, and offers a solution to the catch-22.

Also:  Even though I have tracking-cookie scanning set to "ignore" on my *other* NIS 2010 pc, and have not made any settings changes (and, as I said, have NOT yet been upgraded to the brand new inline release), a scan I did today reported tracking cookies.  So I checked and the setting has changed to "ask me."  Ever heard of something like this happening spontaneously?

Message Edited by Ardmore on 01-14-2010 10:34 PM

Replies

Kudos0

Re: Tamper Protection More Hindrance Than Help?

Is Tamper Protection really worth leaving enabled?

I have to question whether it is more of a nuisance than a help after an incident that occured today.

My system froze due to what was clearly a non-malware related issue.  So I had to do a hard shutdown.  When the system rebooted I got some ominous error about how XP could not make an image of my registry and could not restore something-or-other.  My desktop (including icons) and appearance settings were all back to how they looked the first day I had the pc. It appeared my programs were now on the (re-formatted) start menu, although I did not test them.

The NIS icon was gone -- maybe a good thing, as you'll see.  I rebooted into Safe Mode and did a System Restore.  This brought things back to nearly normal, with the major exception that the NIS icon was gone, even though ccSvcHst was running (with a CPU of zero) and the NIS service (I still have 17.1.0.19) was shown as running in services.  I could NOT get the icon back by starting NIS 2010 from the Start Menu.  To see if NIS was REALLY functioning even though the interface was gone, I briefly went back online and downloaded the simplest version of the eicar test virus, and a context-menu scan of it (for some reason that option was still there) indicated no problem.  So clearly NIS was hosed.

So I tried to do another System Restore to a day earlier, and this time I got the "can't restore" message that Tamper Proection causes unless temporarily disabled.  But I couldn't disable Tamper Protection because, as I said, I couldn't get the settings interface to come up.  So I have to assume that somehow Tamper Protection was still active and that that's why all my further System Restore attempts came up as "can't restore."  Nice little catch-22 there.  So I had to reinstall NIS.

So is it worth having Tamper Protection enabled if it can keep you from doing a System Restore after a non-malware-related crash that hoses much of NIS -- but apparently leaves Tamper Protection running and non-dsable-able?

On a related note:  Does Tamper Protection function in Safe Mode?  If not, maybe that is why I was able to do that first restore, and offers a solution to the catch-22.

Also:  Even though I have tracking-cookie scanning set to "ignore" on my *other* NIS 2010 pc, and have not made any settings changes (and, as I said, have NOT yet been upgraded to the brand new inline release), a scan I did today reported tracking cookies.  So I checked and the setting has changed to "ask me."  Ever heard of something like this happening spontaneously?

Message Edited by Ardmore on 01-14-2010 10:34 PM
Accepted Solution
Kudos2 Stats

Re: Tamper Protection More Hindrance Than Help?

Hi Ardmore,

It sounds like your Windows user profile might have been damaged in the freeze and hard shutdown, and after the reboot you were logged into a temporary user profile (did you see this error message: " Windows cannot load your profile because it may be corrupted. You may be logged in using a temporary User Profile."?).  This would explain the "default desktop."  It is possible that Norton was actually working but that the program was not responding in the temporary user account.  This does not explain the eicar file failing to get some attention, however - unless you were in Safe mode at the time.

Since Norton does not run in Safe mode, I would guess (and it is only a guess) that Norton Product Tamper Protection is also not running, and that may indeed be why System Restore worked so well for you in that instance.  When you do a hard reboot you can get directory errors that could also cause issues like you experienced.  You might want to run Chkdsk and have it fix whatever errors it finds.

Norton Product Tamper Protection is a pretty important safeguard against malware shutting down your protection.  A situation like yours happens infrequently and at worst, might require an uninstall/reinstall of Norton which takes only 10 or 15 minutes with the newer versions.  I would say the risks from disabling Tamper Protection would far outweigh the benefit of having to endure a bit less inconvenience on the rare occasions when things go wrong.

Kudos0

Re: Tamper Protection More Hindrance Than Help?

Thanks, SendOfJive!  That nicely addresses just about every question and concern about what happened.  I did see the message "Windows cannot load your profile because it may be corrupted. You may be logged in using a temporary User Profile."

BTW, I tried to reply awhile ago but while the site would let me click "Solved!" it wouldn't let me post at the time due to maintenance, presumably related to implementation of the new look I see here today.

Kudos0

Re: Tamper Protection More Hindrance Than Help?

Hi Ardmore,

You're welcome, and I'm glad my hunch about the temporary profile was useful.  Hope everything is back to running normally for you.

This thread is closed from further comment. Please visit the forum to start a new thread.