This discussion has been locked.

not fully tamper protected

Evaluating the latest endpoint protection deployed from the console (ver 5.2.1 R2). I have enabled tamper protection but some parts of the user AV are still not greyed out.

How can we prevent users from changing AV settings? Even prevent uninstalling by them?

  • rino19ny,

    Did a little testing in the last couple of days.  Removing the user accounts from Sophos Administrators and moving them to Sophos Power Users removes most control from the user.  Right Click scan and Authorize are still available, but as mentioned are probably best left open.  If a user adds an authorization, you'll know about it.  The central console will give you a notification that the client isn't complying with policy.  You can then override that user's authorization if you wish by forcing their client back into compliance.  It also will alert you to software that might be false flagged that is giving your users issues. 

    The Power User group at least stops your casual user that knows how to open a GUI and stop an A/V from running.  It still doesn't stop the "closet techs" that know to stop services and kill processes, but it's better than leaving everyone as Sophos Administrators.

    I agree that the more perfect solution is education (and good acceptable use policies that are strongly enforced), and it shouldn't be IT vs everyone else.  The reality of any corporate environment though, is you will always have those users that either think they know how to run their system better or want to subvert the policy enforcement to surf their NSFW content.  The more tools available to rein in those rogue users the better.
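
The group change described in the reply above can be scripted per client. The following is an added example, not part of the original post and not Sophos code: it assumes the local groups are named `SophosAdministrator` and `SophosPowerUser`, and the allow-list entries are constructed placeholders. Save it as a script and run it with `-WhatIf` first to get a report without changing membership.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Local group names are assumptions; confirm them in lusrmgr.msc on a client.
    [string]   $AdminGroup = 'SophosAdministrator',
    [string]   $PowerGroup = 'SophosPowerUser',
    # Constructed allow-list of principals that keep full control of the client.
    [string[]] $Keep = @('CONTOSO\Domain Admins', 'CONTOSO\Desktop-Support')
)

try {
    $members   = @(Get-LocalGroupMember -Group $AdminGroup -ErrorAction Stop)
    # SIDs already present in the lower-privilege group, to avoid duplicate adds.
    $powerSids = @(Get-LocalGroupMember -Group $PowerGroup -ErrorAction Stop).SID.Value
} catch {
    Write-Error "Cannot enumerate Sophos local groups: $($_.Exception.Message)"
    return
}

$report = foreach ($m in $members) {
    $action = 'kept'
    if ($m.Name -notin $Keep) {
        $action = 'would move'
        if ($PSCmdlet.ShouldProcess($m.Name, "Move from $AdminGroup to $PowerGroup")) {
            # Add first so the account is never left in neither group.
            if ($m.SID.Value -notin $powerSids) {
                Add-LocalGroupMember -Group $PowerGroup -Member $m -ErrorAction Stop
            }
            Remove-LocalGroupMember -Group $AdminGroup -Member $m -ErrorAction Stop
            $action = 'moved'
        }
    }
    # One row per principal so the output can be collected across machines.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Principal = $m.Name
        Class     = $m.ObjectClass
        Source    = $m.PrincipalSource
        Action    = $action
    }
}
$report | Format-Table -AutoSize
```

As the reply notes, this limits what can be changed through the client GUI only; a user with local Windows administrator rights can still stop services or kill processes.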
