Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 6658 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Tamper Protection Work around creaters "Differs from Policy"

LoXodonte

I have enabled tamper protection through policy but it doesn't seem to allow much custmoization other than on and off. Here is what we tried on a client machine with Tamper Protection On:

Go to: Configure anti-virus and HIPS
then On-demand Extensions and exclusions
exclusions tab
add your C:\drive
then look at the warning "Changes made on this page are global and apply to all scans and users"
so basically you can just side step scanning by excluding your drives?? Obviously I'm missing something, at least I hope I am.

:47751


This thread was automatically locked due to age.
Parents
  • 0

    Hello LoXodonte,

    tamper protection ... doesn't seem to allow much customization

    in fact, you can't change what TP does and what's covered by it. Please note that it affects only members of the SophosAdministrator group (in practice the local administrators) and furthermore, as the Help says, is effective only "against" users with limited technical knowledge (which implies it can be bypassed - although not without generating an alert).

    On-demand Extensions and exclusions

    this applies to on-demand, locally scheduled, and right-click scans, not to on-access scanning (or scans scheduled from the console).

    Christian

    :47785
Reply
  • 0

    Hello LoXodonte,

    tamper protection ... doesn't seem to allow much customization

    in fact, you can't change what TP does and what's covered by it. Please note that it affects only members of the SophosAdministrator group (in practice the local administrators) and furthermore, as the Help says, is effective only "against" users with limited technical knowledge (which implies it can be bypassed - although not without generating an alert).

    On-demand Extensions and exclusions

    this applies to on-demand, locally scheduled, and right-click scans, not to on-access scanning (or scans scheduled from the console).

    Christian

    :47785
Children
No Data