Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 19 subscribers
  • Views 45160 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Option to prevent tampering with Sophos services and settings

ksmith0724

Hello Folks -

We just recently implemented Sophos S&C 9.0 for our end-users.  The product works great but we are looking for some sort of mechanism to prevent our limited number of users who are also local administrators on their laptops from stopping the Sophos services.  I know with other vendors products that regardless of whether the user is an admin or not they still provided some sort of setting(s) that would prevent the users from doing so.

I do realize (and I saw this on other posts in this forum) that it doesn't go along with "safe computing practices" but in some companies (i.e. telecoms) it is often at times cumbersome to lock down certain departments (RF engineers, field crews, etc) especially when these departments are in direct contact with vendors, etc.  I can restrict with a Group Policy the "Install with Elevated Privilges" settings but many applications are hard coded to require an administrator installing the software.

I saw that Sophos Professional Services can assist with this type of configuration but in my honest opinion this is something that should be included in an enterprise class endpoint solution.  I also may be searching on the wrong keywords so if there is an article / suggestion on how to accomplish this please steer me in the correct direction.

Thanks!

:2028


This thread was automatically locked due to age.
Parents
  • 0

    Doesn't really seem  like you are interested in hearing constructive criticism about your product but I think that both of these areas are gaps in the Sophos endpoint security solution.

    Sure I shouldn't have used the word phrase "truly" tamper proof there but preventing admins from killing the process does make it MORE tamper proof and having the ability to detect a heartbeat or at least validate and alert for non complying endpoints would help with visibility into scenarios where the service has been disabled or process has been killed.

    Of course you can feel free to blame the possibility of this happening onto the customer's policies and the possibility of having local admin privileges, but security is all about layers and your approach seems to be ignoring that.  Almost no security implementation of anything is bulletproof, so pointing out the holes in these aspects as your reason for not implementing a more secure implementation isn't a solid argument in my opinion.

    Do you also not lock your door because locks can be easily picked?

    :55148
Reply
  • 0

    Doesn't really seem  like you are interested in hearing constructive criticism about your product but I think that both of these areas are gaps in the Sophos endpoint security solution.

    Sure I shouldn't have used the word phrase "truly" tamper proof there but preventing admins from killing the process does make it MORE tamper proof and having the ability to detect a heartbeat or at least validate and alert for non complying endpoints would help with visibility into scenarios where the service has been disabled or process has been killed.

    Of course you can feel free to blame the possibility of this happening onto the customer's policies and the possibility of having local admin privileges, but security is all about layers and your approach seems to be ignoring that.  Almost no security implementation of anything is bulletproof, so pointing out the holes in these aspects as your reason for not implementing a more secure implementation isn't a solid argument in my opinion.

    Do you also not lock your door because locks can be easily picked?

    :55148
Children
No Data
Unfiltered HTML