Lock down quarantine on SEP
We would like to suggest a feature were the quarantine on Symanetec Endpoint Clients is locked down so users cannot remove content out of it. A few months back we had a security review by a third party, they were able to load their programs on to one of our base desktop machines, SEP picked up the programs as hacking tools and quarantined them, they were then able to go into SEP and remove these items out of quarantine and use them.
We logged a call on this issue (Case 415-671-155) and was told it was not possible to lock down quarantine, all that can be done is:
- Lockdown on the SEP application by placing a password on the applicaiton.
- Set hacking tools to be deleted instead of quarantine.
The password option is not viable as users use the client interface to call Liveupdate and check their definition version. We are looking into changing the policy for different file types but we do not feel this is an appropriate fix.