Prevent Anti Virus from being disabled

We are using the Sophos AV enterprise product.

During a vulnerability test it was brought to our attention that anyone with the correct security level could disable AV on any PC so as not to be detected during testing.

How can we prevent AV from being disabled w/o a password or some other info other than AD permission group?

Thanks,

Mike

  • Hello Mike,

    anyone with the correct security level could disable AV on any PC

    locally on the PC? And what exactly is meant by disable AV?

    Members of the SophosAdministrator group can disable On-Access checking. This group is populated at install time with the members of the Administrators group and LOCAL SYSTEM. When Tamper Protection is enabled an additional password is required to make certain changes to the configuration. This will not prevent tampering by Administrators at the OS level though.

    [:smileytongue: can't resist - anyone with the correct security level could: isn't that what defines correct?]

    Christian

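Because the reply above says the SophosAdministrator group is filled from the local Administrators group at install time, a defender may want to review who holds that right on each PC. The following PowerShell audit is an added example, not part of the original posts or of Sophos tooling; the allow-list and the `CONTOSO\AV-Admins` group are constructed placeholders, and the group name `Administrators` assumes an English-language Windows install.

```powershell
# Added example: list principals that can change Sophos settings or tamper at OS level.
# 'SophosAdministrator' is the group named in the thread. $Approved is a constructed
# allow-list; replace it with the principals your organisation has signed off.
$Approved = @(
    'NT AUTHORITY\SYSTEM',
    'CONTOSO\AV-Admins'          # hypothetical AD group
)

function Get-GroupMemberNames {
    param([Parameter(Mandatory)][string]$Name)
    try {
        # Get-LocalGroupMember ships with Windows PowerShell 5.1 (LocalAccounts module)
        Get-LocalGroupMember -Name $Name -ErrorAction Stop |
            Select-Object -ExpandProperty Name
    } catch {
        # Group missing, or membership unreadable (e.g. orphaned SIDs)
        Write-Warning "Could not read '$Name': $($_.Exception.Message)"
        @()
    }
}

function Compare-SophosAdmins {
    param([string[]]$SophosMembers, [string[]]$OsAdmins, [string[]]$Approved)
    # One row per principal found in either group
    foreach ($m in ($SophosMembers + $OsAdmins | Sort-Object -Unique)) {
        [pscustomobject]@{
            Principal        = $m
            InSophosAdmin    = $SophosMembers -contains $m   # can disable On-Access checking
            InAdministrators = $OsAdmins -contains $m        # can tamper at the OS level
            Approved         = $Approved -contains $m
        }
    }
}

$sophos = @(Get-GroupMemberNames -Name 'SophosAdministrator')
$admins = @(Get-GroupMemberNames -Name 'Administrators')

# Report only principals that are not on the allow-list
Compare-SophosAdmins -SophosMembers $sophos -OsAdmins $admins -Approved $Approved |
    Where-Object { -not $_.Approved } |
    Format-Table -AutoSize
```

Any row with `InAdministrators` set to True is a principal that Tamper Protection will not stop, as the reply notes, so reducing local Administrators membership matters as much as trimming SophosAdministrator.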