Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1059 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ESAC 9.7: Completely disable Access to GUI

MPro

Hello,

we are just implementing Sopohs ESAC 9.7 and SEC 4.7.

We have a lot of users that are local admins (yes, they have to be) and i want to keep manipulations to the scanner to a minimum.

Just using the Manipulation Policy is not enough in my oppinion. You can still, for example, remove ".exe" from the

files-to-scan list or play with the firewall settings.

What i want is that there is of course an icon in the taskbar area (saying: stay calm, you are protected), but you can not right-click it and open the sophos gui, or that gui will show nothing but some useless information.

Is that possible?

thanks and best regards,

Marcs

:15115


This thread was automatically locked due to age.
Parents
  • 0

    Hello Marcs,

    You can still, for example, remove ".exe" from the files-to-scan list

    With TP on the On-access settings can't be changed. I guess you are referring to the On-demand extensions and exclusions. If the user doesn't request an on-demand scan nothing is scanned at all :smileywink:

    The firewall settings are not (yet) protected.

    If you are in an AD environment you could restrict the usage of SavMain.exe with a GPO.

    Generally I question the they have to be [local admins] , followed by: "If they have to be then they should act responsibly ". 

    Christian

    :15121
Reply
  • 0

    Hello Marcs,

    You can still, for example, remove ".exe" from the files-to-scan list

    With TP on the On-access settings can't be changed. I guess you are referring to the On-demand extensions and exclusions. If the user doesn't request an on-demand scan nothing is scanned at all :smileywink:

    The firewall settings are not (yet) protected.

    If you are in an AD environment you could restrict the usage of SavMain.exe with a GPO.

    Generally I question the they have to be [local admins] , followed by: "If they have to be then they should act responsibly ". 

    Christian

    :15121
Children
No Data