
Need help with Sophos Endpoint Protection 10

Dear developers, please tell me how to implement the following by means of Sophos ...

Sophos Endpoint Protection 10 is installed locally on a PC, and the user who works on this PC has administrator privileges, which cannot be lowered ... he is an administrator on the PC. How can I make it so that he cannot change or delete files in the folder C:\Program Files\Sophos\, while he can still formally update from the website?



This thread was automatically locked due to age.
  • Why can Sophos not protect that folder?

    As I said, this is not Sophos' shortcoming. And TP is neither the magic wand nor does Sophos say so. To quote from the help: 


    Note: Tamper protection is not designed to protect against users with extensive technical knowledge. It will not protect against malware which has been specifically designed to subvert the operation of the operating system to avoid detection.


    Whatever mechanism you use, there has to be a way to get into the machine in case of a malfunction (unless you design it in a way that tampering leads to self-destruct - similar to smart cards - but that's clearly not desirable). An administrator can always invoke Windows' recovery functions. Booting from an external medium is another way to manipulate an installation (you could thwart these attempts with encryption). No matter how you look at it - it boils down to either implementing self-destruct (which you wouldn't want to risk in case the machine could contain important data) or kernel modification (which is, apart from legal implications, not a simple thing and beyond the task of a product like Sophos).

    Christian
