Hello,
I was hoping someone might know the answer to my query.
I am trying to lock down the security of our workstations as much as possible and recently had a security audit conducted. The auditor told me that since he was able to go into the computer's Services and stop the "Symantec Endpoint Protection" service, that a malicious person/process would be able to do the same and thereby expose the system to a virus. The Tamper protection that you can configure via Symantec's manager appears to only lock down access to the "Symantec Management Client" service on the client computer.
I've tried changing the "Symantec Endpoint Protection" service security rights via a GPO, and that does prevent people from being able to stop it, however it also breaks the connection beween SEP client and server, haha. This is the article I read about that...
https://www-secure.symantec.com/connect/forums/tamper-protection-does-not-prevent-user-changing-service-status-disable
So, since the "Symantec Management Client" appears to be the only service that Symantec provides a way to restrict access to, will this service alone protect a computer against malicious attack?
Tech details: using SEP ver.
11.0.6005.562 (11 RU 6a) . users are local Power Users. Client PCs are Windows XP & 7.
Thank you,
Cielle