Endpoint Protection Small Business Edition

 View Only

  • 1.  Allow Users to Scan without Allowing All Client Controls

    Posted Apr 14, 2016 01:50 PM

    In a nutshell, we don't want our users to be able to modify SEP client on the workstations.  We have some people that think they are tech savy and like to play around.  We're afraid they would add too many local exceptions or other modifications that put their PC and our networks at risk. We just learned that a couple of them want to run scans on demand.  Since we locked out the client, they can not scan using Symantec so they are using an online tool (Housecall) to do it.  Symantec is flagging the scans as an attack.

    Been looking around the forum and help screens and I don't see where I can allow scans only.  In a perfect world, it would be great to see it when you click on the symantec icon in the task tray as an option below open and update policy.

    Anyone know if it is possible to keep the system locked down but allow user to intiate scans when they want?

    Thx

    Douglas



  • 2.  RE: Allow Users to Scan without Allowing All Client Controls
    Best Answer

    Posted Apr 14, 2016 02:11 PM

    Do you mean to allow them to kickoff a full or scan, or just the option right click and "Scan for Viruses"?

    If you open the GUI and go to "Scan for Threats" they should have the option to run a full or active scan as well



  • 3.  RE: Allow Users to Scan without Allowing All Client Controls

    Posted Apr 14, 2016 05:17 PM

    Hey Brian,

    You get around.  Second one of mine you responded to. Attached two screen shots that I hope can clarify.

    Basically, I went into clients, then Policies tab and then Password settings on my manager.  I checked all the boxes. The 506pm.jpg shows what I did.

    When a client tries to launch SEP, the get the 503pm.jpg that prompts for a password. They can not see the interface/gui at all.

    If I remove the first checkbox, the can get into SEP and run a scan as you noted but it also allows them to add exceptions for scans and change other parameters that my bosses don't want them to do.

    Aware they can right click a file and scan it but my users are looking to do a quick scan or full scan of the entire workstation.

    I think it is not possible without giving them the other functionality.  Just want to confirm it is true.

    Thx,

    Douglas



  • 4.  RE: Allow Users to Scan without Allowing All Client Controls

    Posted Apr 14, 2016 05:39 PM

    Brian,

    Call me an idiot.  I followed some of your other responses to questions and figured out what what I want.

    I never understood the little lock icons in the policies.  I experimented and now see that I can lock all the elements individually so the user is unable to set/change them.  I can then remove the password to the client gui with confidence they can not do something we don't want them to do.

    This will be a long task but gives them what they want and the boss what he wants.

    Thx,

    Douglas