Endpoint Protection

 View Only

  • 1.  Quarantine remediation

    Posted Aug 23, 2012 02:56 AM

    Hello,

    I've a Host Integrity rule that put computers in quarantine mode when Antivirus is not up to date since X days.

    In this policy, I've the option 'If not, update the signature file' + 'execute the command' c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe -updateconfig

    I now know that this command line can only be launched if the user is local admin of the computer.

    My question : is this command line launched successfuly ? SEP try to launch this command and I can see the environnement where ccsvchst runs is SYSTEM, so admin of the computer. Right ?

    Is the command line option necessary or can i just let the 'if not, update...' option ?

    If that doesn't work and that my user is still in qurantine, what can he do to force a signature update if not admin ?

     

    Thanks in advance



  • 2.  RE: Quarantine remediation
    Best Answer

    Posted Aug 30, 2012 09:21 PM

    My question : is this command line launched successfuly ? SEP try to launch this command and I can see the environnement where ccsvchst runs is SYSTEM, so admin of the computer. Right ? Yes

    Is the command line option necessary or can i just let the 'if not, update...' option ? The client should get the update as soon as it checks in and sees that its out of date

    If that doesn't work and that my user is still in qurantine, what can he do to force a signature update if not admin ? He can run liveupdate manually from the GUI