I've a Host Integrity rule that put computers in quarantine mode when Antivirus is not up to date since X days.
In this policy, I've the option 'If not, update the signature file' + 'execute the command' c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe -updateconfig
I now know that this command line can only be launched if the user is local admin of the computer.
My question : is this command line launched successfuly ? SEP try to launch this command and I can see the environnement where ccsvchst runs is SYSTEM, so admin of the computer. Right ?
Is the command line option necessary or can i just let the 'if not, update...' option ?
If that doesn't work and that my user is still in qurantine, what can he do to force a signature update if not admin ?
Thanks in advance