
not fully tamper protected

Evaluating the latest endpoint protection deployed from the console (ver 5.2.1 R2). I have enabled tamper protection but some parts of the user AV are still not greyed out.

How can we prevent users from changing AV settings? Even prevent uninstalling by them?

  • Hello,

    Tamper protection will prevent users from uninstalling the Sophos Components even if they are an administrator.

    Much of the security is handled through the local Sophos groups:

    *SophosAdministrator
    *SophosPowerUser
    *SophosUser

    You could set up "Restricted Groups" on these through Group Policy - http://support.microsoft.com/kb/279301, to define who is a member of them.  By default local admins will be added to SophosAdministrator, local power users to SophosPowerUser, and local users to SophosUser.

    I suppose you could also set up a software restriction policy to prevent SAVMain.exe being launched.

    Regards,

    Jak
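
An added example, not part of the original thread: a PowerShell audit that compares the membership of the three local Sophos groups named in the reply above against an allowlist, which is a quick way to confirm a Restricted Groups policy has actually taken effect on an endpoint. It assumes Windows PowerShell 5.1 or later (for `Get-LocalGroupMember`); the account names in `$Allowed` are constructed placeholders.

```powershell
# Constructed allowlist (assumption): who SHOULD be in each local Sophos group.
# Replace the EXAMPLE\... names with the accounts your policy defines.
$Allowed = @{
    SophosAdministrator = @('EXAMPLE\AV-Admins')
    SophosPowerUser     = @()                      # nobody expected here
    SophosUser          = @('EXAMPLE\Domain Users')
}

$findings = foreach ($group in $Allowed.Keys) {
    try {
        $members = @(Get-LocalGroupMember -Group $group -ErrorAction Stop)
    } catch {
        # Group missing, or membership unreadable (for example an orphaned SID).
        [pscustomobject]@{
            Group  = $group
            Member = $null
            Issue  = "cannot read group: $($_.Exception.Message)"
        }
        continue
    }

    # Members present on the endpoint that the allowlist does not name.
    foreach ($m in $members) {
        if ($Allowed[$group] -notcontains $m.Name) {
            [pscustomobject]@{ Group = $group; Member = $m.Name; Issue = 'unexpected member' }
        }
    }

    # Allowlisted accounts that are missing, i.e. the policy has not applied.
    foreach ($want in $Allowed[$group]) {
        if ($members.Name -notcontains $want) {
            [pscustomobject]@{ Group = $group; Member = $want; Issue = 'expected member missing' }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Group, Issue | Format-Table -AutoSize
} else {
    'Local Sophos groups match the allowlist.'
}
```

Any "unexpected member" row for SophosAdministrator identifies an account that can still change the local AV configuration.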
