About client uninstallation password

Created: 28 Sep 2012 | 13 comments
wmujawar's picture

I have installed SEP 12.1 clients and applied a password to prevent users from uninstalling and stopping the SEP client.

I read an article on the internet which helps users to bypass the password setting in the registry and uninstall the client.

How can I prevent users from uninstalling the client from their PC?

 


Ashish-Sharma's picture

Hi,

Is Tamper Protection enabled or not?

Thanks In Advance

Ashish Sharma

 

 

pete_4u2002's picture

You can use the ADC policy to prevent tampering of the registry.

.Brian's picture

Tamper protection will only protect against client services.

You would need to enable the application control policy to protect client services and registry keys. It is a default policy in the SEPM.

Go to Application and Device Control policy >> Application Control tab

You should see the policy called "Protect client files and registry keys"

This is the one you want to enable.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

wmujawar's picture

I don't see this policy in SEP 12.1.

.Brian's picture

I have attached a policy for you. You can import into your SEPM.

 

Attachment: SEP Hardening Application and Device Control policy v1.zip (29.18 KB)


Ashish-Sharma's picture

SEP Application Control policy to protect executable file registry configuration

http://www.symantec.com/docs/TECH171301

Check this thread

http://www.symantec.com/connect/forums/application-and-device-control-hardening-policy-sepm-121

Thanks In Advance

Ashish Sharma

 

 

Mithun Sanghavi's picture

Hello,

Hardening the SEP would provide the maximum protection.

"Hardening Symantec Endpoint Protection with an Application and Device Control Policy to increase security": http://www.symantec.com/docs/TECH132337

If you want to disable the same or view it, please check the following:

1) Log in to the SEPM

2) Go to Application and Device Control Policy and check if the Protect client files and registry keys is checked. If yes, make sure you uncheck the same.

When you apply the Hardening the SEP policy, it checks all the check boxes shown above.

How the Application and Device Control Hardening policy works

http://www.symantec.com/docs/TECH132307

 

You can determine the level of interaction that you want users to have on the Symantec Endpoint Protection client. Choose which features are available for users to configure. For example, you can control the number of notifications that appear and limit users' ability to create firewall rules and virus and spyware scans. You can also give users full access to the user interface.

The features that users can customize for the user interface are called managed settings. The user does not have access to all the client features, such as password protection.

To determine the level of user interaction, you can customize the user interface in the following ways:

  • For virus and spyware settings, you can lock or unlock the settings.

  • For firewall settings, intrusion prevention settings, and for some client user interface settings, you can set the user control level and configure the associated settings.

  • You can password-protect the client.

To password-protect the client

  1. In the console, click Clients.

  2. Under Clients, select the group for which you want to set up password protection.

  3. On the Policies tab, under Location-independent Policies and Settings, click General Settings.

  4. Click Security Settings.

  5. On the Security Settings tab, choose any of the following check boxes:

    • Require a password to open the client user interface

    • Require a password to stop the client service

    • Require a password to import or export a policy

    • Require a password to uninstall the client

  6. In the Password text box, type the password.

    The password is limited to 15 characters or less.

  7. In the Confirm password text box, type the password again.

  8. Click OK.

Check this article, which may help you with all the information you are looking for:

How do you lock down SEP client interface so that end users cannot disable components or modify settings.

http://www.symantec.com/docs/TECH136678

How to block a user's ability to disable Symantec Endpoint Protection on Clients

http://www.symantec.com/docs/TECH102822

How to restrict users from making configuration changes to the Symantec Endpoint Protection client.

http://www.symantec.com/docs/TECH102370

Hope this helps!!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

sandra.g's picture

"Protect client files and registry keys" no longer appears in the ADC policy because Tamper Protection now protects the SEP registry keys. This is why you must now disable Tamper Protection in order to enable Sylink Debugging.

Adding this back to the ADC policy should NOT be necessary. wmujawar, have you actually tried to disable the uninstallation password on a client computer, and if so, did it allow you to do so with Tamper Protection enabled?

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

wmujawar's picture

Dear Sandra,

I enabled both Tamper Protection and "protect client registry". Still, one of my colleagues was able to uninstall the SEP. He did it by disconnecting the machine from the network, entering safe mode and then deleting some registry files related to Symantec. Any suggestions?

sandra.g's picture

How did he know which registry files to remove to allow a successful uninstall? Further preventative measures may need to be based on restricting rights and privileges at an operating system level. Others may have additional suggestions.

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection


Rafeeq's picture

If Tamper Protection is enabled,

they won't be able to uninstall without the password.

The old trick used to uninstall SAV does not work with SEP.