Quarantine remediation
Hello,
I've a Host Integrity rule that put computers in quarantine mode when Antivirus is not up to date since X days.
In this policy, I've the option 'If not, update the signature file' + 'execute the command' c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe -updateconfig
I now know that this command line can only be launched if the user is local admin of the computer.
My question : is this command line launched successfuly ? SEP try to launch this command and I can see the environnement where ccsvchst runs is SYSTEM, so admin of the computer. Right ?
Is the command line option necessary or can i just let the 'if not, update...' option ?
If that doesn't work and that my user is still in qurantine, what can he do to force a signature update if not admin ?
Thanks in advance
Comments 1 Comment • Jump to latest comment
My question : is this command line launched successfuly ? SEP try to launch this command and I can see the environnement where ccsvchst runs is SYSTEM, so admin of the computer. Right ? Yes
Is the command line option necessary or can i just let the 'if not, update...' option ? The client should get the update as soon as it checks in and sees that its out of date
If that doesn't work and that my user is still in qurantine, what can he do to force a signature update if not admin ? He can run liveupdate manually from the GUI
SEP Knowledge Base
Endpoint SWAT
Would you like to reply?
Login or Register to post your comment.