Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

block install or uninstall...

Created: 01 Oct 2012 • Updated: 19 Oct 2012 | 5 comments
n3m3sls's picture
This issue has been solved. See solution.

IS IT POSSIBLE TO AVOID USERS TO INSTALL/UNINSTALL USING SOME SEPM POLICY ?

Comments 5 CommentsJump to latest comment

.Brian's picture

Programs or SEP?

For SEP, you can set an uninstall password.

To block programs from installing, you can use an application and device control policy or System Lockdown:

 

How to configure Application Control in Symantec Endpoint Protection 11.0 : Configuring Application Control Policies

http://www.symantec.com/docs/TECH102525

How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

http://www.symantec.com/docs/TECH97618

Secondly, Another way of doing it is using "system lockdown" to enable\disable applications; check this Article:

How to configure System Lockdown in Symantec Endpoint Protection 11.0

http://www.symantec.com/docs/TECH102526

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

It's possible with the help of SEPM policies but some pre-work is required.

SEPM should have data to compare which applications to allow and which not.

Monitoring applications and services that run on client computers

http://www.symantec.com/docs/HOWTO55218

How to configure System Lockdown in Symantec Endpoint Protection 11.0

http://www.symantec.com/docs/TECH102526

Also check following videos:

Learned Application : SEP 11

http://www.symantec.com/connect/videos/learned-app...

How to Block Exe files via Application and Device Policy with File Fingerprint

http://www.symantec.com/connect/videos/how-block-e...
 

 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Ashish-Sharma's picture

Yes you can configure SEPM ADC policy and blocked Uninstall and install Softwares

Configuring system lockdown.

http://www.symantec.com/business/support/index?page=content&id=HOWTO55130

Managing file fingerprint lists

http://www.symantec.com/business/support/index?page=content&id=HOWTO55133

Check this thread

https://www-secure.symantec.com/connect/forums/system-lock-down-policy

Thanks In Advance

Ashish Sharma

 

 

hj1979's picture

Kindly define that what you want safe Symantec or other Product?

For the SEP avoidance then find the below step

  1. In the console, click Clients.

  2. Under Clients, select the group for which you want to set up password protection.

  3. On the Policies tab, under Location-independent Policies and Settings, click General Settings.

  4. Click Security Settings.

  5. On the Security Settings tab, choose any of the following check boxes:

    • Require a password to open the client user interface

    • Require a password to stop the client service

    •  Require a password to import or export a policy

    • Require a password to uninstall the client

  6. In the Password text box, type the password.

    The password is limited to 15 characters or less.

  7. In the Confirm password text box, type the password again.

  8. Click OK.

https://www-secure.symantec.com/connect/blogs/how-set-password-enable-usb-access-user-end

http://www.symantec.com/business/support/index?page=content&id=TECH102700

Mithun Sanghavi's picture

 

Hello,

You can determine the level of interaction that you want users to have on the Symantec Endpoint Protection client. Choose which features are available for users to configure. For example, you can control the number of notifications that appear and limit users' ability to create firewall rules and virus and spyware scans. You can also give users full access to the user interface.

The features that users can customize for the user interface are called managed settings. The user does not have access to all the client features, such as password protection.

To determine the level of user interaction, you can customize the user interface in the following ways:

  • For virus and spyware settings, you can lock or unlock the settings.

  • For firewall settings, intrusion prevention settings, and for some client user interface settings, you can set the user control level and configure the associated settings.

  • You can password-protect the client.

To password-protect the client

  1. In the console, click Clients.

  2. Under Clients, select the group for which you want to set up password protection.

  3. On the Policies tab, under Location-independent Policies and Settings, click General Settings.

  4. Click Security Settings.

  5. On the Security Settings tab, choose any of the following check boxes:

    • Require a password to open the client user interface

    • Require a password to stop the client service

    •  Require a password to import or export a policy

    • Require a password to uninstall the client

  6. In the Password text box, type the password.

    The password is limited to 15 characters or less.

  7. In the Confirm password text box, type the password again.

  8. Click OK.

Check these Articles which may helps you with all the Information you are looking for:

How do you lock down SEP client interface so that end users cannot disable components or modify settings.

http://www.symantec.com/docs/TECH136678

How to block a user's ability to disable Symantec Endpoint Protection on Clients

http://www.symantec.com/docs/TECH102822

How to restrict users from making configuration changes to the Symantec Endpoint Protection client.

http://www.symantec.com/docs/TECH102370

Hope this helps!!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.