Endpoint Protection

Hi,

My environment is SEP 12.1 on Windows 7.  Policies that block or quarantine are working properly when a logged in user is a non-admin.  However, if a local admin logs into the same machine and tries to access the same app or file, SEP does not block or quarantine the file.  How does one make sure that SEP policies work the same for non-admin and admin users?

Thanks.

Bob

is this for a file that is considered a virus by SEP? I'm not sure why the non-admin/admin part would matter. If SEP detects a virus, it should take action regardless of what type of permissions the users have.

What kind of policies are you talking about? AV, ADC?

Hi

Can you please elaborate the policies you have configured

Regards

I Guess  have Configured Location Based Policy, if yes then yes the  Local Admin and user will have Different Polcies. Please read here

http://www.symantec.com/business/support/index?page=content&id=HOWTO80772&actp=search&viewlocale=en_US&searchid=1361448205962

For example, we have an application and device control policy in place that blocks access to .lnk files.  This policy is a template that was copied from Symantec.  One of my colleagues has two accounts, one that has local admin rights and the other does not.  If he is logged into that computer as a non-admin, the policy correctly prevents him from accessing a .lnk file on a network share.  However, when he logs in as a local administrator, he is able to access the .lnk.  

have your configured the User mode.Does it work if you reboot and login? or do smc -stop and smc -start?

Machines are in computer mode.