Endpoint Protection

 View Only
  • 1.  Prevent users option to make changes on client from Endpoint Protection Manager

    Posted Sep 16, 2009 10:24 AM
    Ok,
     
    So what I want to do is prevent users from being able to make any changes on the client side. THey shouldn't be able to shut off Antivirus, run scans, run live update, specifically use the change setting button, etc.. Then as I push the cleint out to the rest of the PC's I can decide what I need to put back on if anything by department.

    I was able to grey out Live update easily under policies > Live Update > and editing the default policy
    This forces them to get updates when I want to push them to them after testing.

    The rest of the options are a total pain to find to deny button clicking (grey out) options - WHY?

    I searched around on here in the forums and the software help.  The best info I found was messing with the locks under Policies > Antivirus and AntiSpyware. That did a whole lot of nothing to lock any kind of user access abilities. Personally I didn't a thing change but whatever.

    I was able to grey out the option "Disable Network Threat Protection"
    Found in : Clients > selected the users OU I am pulling from AD > Policies > Location-Specific settings > Client User Interface Control Settings :
    I switch to mixed control
    Customized mixed control and moved everything to server on Client/Server Control Settings
    On the Client User Interface Setting I unchecked - Allow users to enable and disable Network Threat Protection. (This greyed out option for users to change)

    Can enyone tell me where to find the rest of these disable settings, seem to me they could have put the together in the first place but that would make to much sense!

    I would be looking for detailed paths to turn them off or a link to quality documentation!

    Thanks

    FYI - why is there only a product selection below for small business edition of end point or end point protection (antivirus)???? I am using EndPoint protection 11, no notes of it being small business.





  • 2.  RE: Prevent users option to make changes on client from Endpoint Protection Manager
    Best Answer

    Posted Sep 16, 2009 10:38 AM
    YOu seem to fixed few.

    shouldn't be able to shut off Antivirus--Password protect Symantec Services. you will find it under same section.


    click on clients
    click on policies
    click on general settings- security settings.

    select the option to require password to open interface

    when they are not able to open the interface, they wont be able to change anything.








  • 3.  RE: Prevent users option to make changes on client from Endpoint Protection Manager

    Posted Sep 16, 2009 11:51 AM
    Hi Aspired,

    There is a section for SEP 11 (see screenshot). I am moving your post to that forum for greater visibility.

    sep11.JPG

    Cheers,
    Thomas


  • 4.  RE: Prevent users option to make changes on client from Endpoint Protection Manager

    Posted Sep 16, 2009 11:56 AM
    More locations for locking settings are found in each type of policy.

    For example in Antivirus and Antispyware policy there is a lock icon next to 'enable autoprotect'. When locked the end user is not able to disable autoprotect any more.

    There are similar items for PTP and Outlook protection, for example.


  • 5.  RE: Prevent users option to make changes on client from Endpoint Protection Manager

    Posted Sep 16, 2009 01:43 PM
    Great, was not sure since that says (AntiVirus) and I was looking for assistance with the whole product suite (Antivirus, Malware, Firewall, etc..).

    Thank a bunch for the move and clarification!!!


  • 6.  RE: Prevent users option to make changes on client from Endpoint Protection Manager

    Posted Sep 16, 2009 01:48 PM

    Now that is money!

    Just having issues finding what I am looking for, once found I am golden!

    Fast and really what I needed!