Control Center 4.0 and Endpoint Security and Control 10.2 Tamper Control

Hello Vandal,

first of all, the Small Business board might be the better place to ask. Nevertheless - AFAIK SCC (whether 4.0 or 4.1) is not aware of TP (it's Tamper Protection, not Control) and TP should not be on by default. Is it really enabled on all clients? - in which case you should contact Support.

It might be possible to configure the CID with a disabled policy (please see Using ConfigCID.exe ... and Using ExportConfig.exe ... where to place the file (should be named - case sensitive - savconftp.xml) containing the following:

<?xml version="1.0" encoding="UTF-8"?>
<policy type="tamperprotection" xmlns="com.sophos\mansys\policy" xmlns:csc="com.sophos\msys\csc"><csc:Comp RevID="FactoryDefault" policyType="19"></csc:Comp><configuration xmlns="http://www.sophos.com/xml/msys/tamperprotectionpolicy.xsd"><disabled></disabled></configuration></policy>

 Can't say if this will work but you might want to try. BTW: You are likely entitled to an upgrade of SCC to SEC.

Christian

We found a password for the Tamper Control for ESC on the server running Control Center 4.0.

When we change one of the client computers to local control at the console. "Authentcate user" back at the client ESC is still grayed out as well as "Configure Tamper Control". How to we sieze local control of Tamper Protection on the local client ESC? We want to go back to individual control and protection on the clients.

We don't know if TP is enabled on all clients or not. All three items under TP on the Dashboards are grayed out. Also Configure Firewall is grayed out. And although we can access  Configure Updating we cannot change the Primary location information on any of the clients. We appear to lack rights on our own workstations to control the client ESCs. However the central console is acting solely to push updates out to the clients. BTW we are a wired network of only four clients and a server running WinServer 2008.

Hello Vandal,

don't have experience with SCC, a look at he manual suggests though that local control  is set per computer for an individual policy (by delesecting Use central configuration) - as said, SCC is not aware of TP (if this is available for TP at all). Might be that TP has effectively no effect in an SCC environment (the default being Use central configuration, i.e. not configurable on the endpoint, resulting in TP being per default off when there is not policy) and that what you see is correct. An SCC/ESC 10.2 combination is possible but might have some intricacies - perhaps you should give Support a call and ask how it's supposed to work.

Christian 

Hello Vandal,

we cannot change the Primary location

that's also the case in an SEC environment - it's possible to work around but it can't be centrally enabled (it doesn't make sense anyway in a manged environment). You should be able though to configure the other policies if Use central configuration is deselected fot the policy.

push updates - every time I see this I have to point out that updates are not pushed to the clients (they are of course written - deployed as it is called - to the CID). It's the client making a connection (UNC or HTTP) to the CID and downloading them - if the clients fails to do so there is no way to push them.

Christian