Unable to kill Backup Exec for Windows Servers (BEWS) processes on a system running Symantec AntiVirus Corporate Edition 10.x

Problem

Unable to kill Backup Exec for Windows Servers (BEWS) processes on a system running Symantec AntiVirus Corporate Edition 10.x

Cause


The Backup Exec processes are protected by Symantec AntiVirus Tamper Protection. Tamper Protection is a new feature in Symantec AntiVirus Corporate Edition 10.x and Symantec Client Security 3.x. Tamper Protection provides real-time protection for Symantec applications. It prevents Symantec processes and internal objects from being attacked or affected by non-Symantec processes such as worms.

 
 
When Tamper Protection blocks a non-Symantec application from interfering with a BESR process, the server application log reports the following Event ID:
 
 
Event ID 45:
 
SYMANTEC TAMPER PROTECTION ALERT 
Target:  C:\Program Files\Symantec\Backup Exec\((BEWS PROCESS))
Event Info:  Suspend Thread
 
Action Taken:  Blocked
Actor Process: C:\WINDOWS\system32\taskmgr.exe (PID 7136)
 

Solution

 
Workaround:
 
To resolve this issue, disable Symantec Tamper Protection:
 
1. Perform the following:
 
On a client installation: Right-click a server or server group, and then click All Tasks > Symantec AntiVirus > Client Tamper Protection Options.
 
On a server installation: Right-click a server or server group, and then click All Tasks > Symantec AntiVirus > Server Tamper Protection Options.
 

2. Uncheck Enable tamper protection. (Figure 1)

Figure 1
 

 
For additional information refer to the following document:
 
 

 

 

 

Terms of use for this information are found in Legal Notices.

Search

Survey

Did this article answer your question or resolve your issue?

No
Yes

Did this article save you the trouble of contacting technical support?

No
Yes

How can we make this article more helpful?

Email Address (Optional)