Endpoint Protection

  • 1.  Turning off the restore function for users in the View Quarantine SEP11 Window

    Posted Oct 12, 2010 04:32 PM

    I was testing the SEP11 response to security risks in response to several Password Reveler programs being detected on our network.

    SEP11 detected and removed to quarantine the Password Revelers as expected; this was encouraging.

    Unfortunately, in the SEP11 user console, the user had the option to restore quarantined items and, worse, make them into trusted applications.

    Is there a way to disable the restore button in the View Quarantine window for users?



  • 2.  RE: Turning off the restore function for users in the View Quarantine SEP11 Window



  • 3.  RE: Turning off the restore function for users in the View Quarantine SEP11 Window

    Posted Oct 12, 2010 06:10 PM

     

    As an answer, what I see in the KB as a possible workaround is to set up a Quarantine Server and have all clients send files to it. That way users perhaps would not be able to restore a quarantined file.

    Hoping that helps

     

     



  • 4.  RE: Turning off the restore function for users in the View Quarantine SEP11 Window

    Posted Oct 12, 2010 08:24 PM

    Yes; or else you can set a password to open the client interface; if they are not able to open it, they won't be able to do anything else.



  • 5.  RE: Turning off the restore function for users in the View Quarantine SEP11 Window

    Posted Oct 13, 2010 01:59 AM

    Currently there is no option in SEPM to block the user from restoring quarantined files. You can add it as an idea in the idea section of this forum so that in future releases they may implement it. As a workaround you can set a password for opening the client user interface. You can do this in SEPM--->clients---> <<corresponding group>>--->policies--->general settings--->security settings...



  • 6.  RE: Turning off the restore function for users in the View Quarantine SEP11 Window
    Best Answer

    Posted Oct 13, 2010 02:37 PM

    Thanks for the suggestions. We opted instead to have hack tools deleted in the Policies>Antivirus and Antispyware>File System Auto-Protect menu. The risk of a hack tool being reinstated is considered greater than the risk of false positives to my department.