Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 3862 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Tamper Protection is not enough

Camelot

Hi,

i have a question about the Tamper Protection.

It is a nice feature to prevent user from killing the On-Access security, but they are all still capable to set Exceptions on folders, files or whole drives....

Is there a chance for usn to prevent users from adding these exclusions to the local client installation?

:44133


This thread was automatically locked due to age.
Parents
  • 0

    Hello Camelot,

    the usual preamble: If you don't want that your users can perform administrative tasks don't give them administrative rights - or the other way round, if your users have administrative rights they can more or less do anything they wish (with AD you can lock down local administrators during normal operation but still, they are administrators).

    still capable to set Exceptions

    Only for On-Demand - this of course affects scheduled and Full System scans. The extent of available configuration options has also been discussed during Beta tests - especially what administrators should be allowed to authorize or by bypass (e.g. suspicious files/behaviour or Web Control) when TP is enabled. The bottom line is - if you don't trust your administrators to make responsible decisions you shouldn't give them administrator rights in the first place.

    Christian 

    :44151
Reply
  • 0

    Hello Camelot,

    the usual preamble: If you don't want that your users can perform administrative tasks don't give them administrative rights - or the other way round, if your users have administrative rights they can more or less do anything they wish (with AD you can lock down local administrators during normal operation but still, they are administrators).

    still capable to set Exceptions

    Only for On-Demand - this of course affects scheduled and Full System scans. The extent of available configuration options has also been discussed during Beta tests - especially what administrators should be allowed to authorize or by bypass (e.g. suspicious files/behaviour or Web Control) when TP is enabled. The bottom line is - if you don't trust your administrators to make responsible decisions you shouldn't give them administrator rights in the first place.

    Christian 

    :44151
Children
No Data