Option to prevent tampering with Sophos services and settings

Hello Folks -

We just recently implemented Sophos S&C 9.0 for our end-users.  The product works great but we are looking for some sort of mechanism to prevent our limited number of users who are also local administrators on their laptops from stopping the Sophos services.  I know with other vendors' products that regardless of whether the user is an admin or not they still provided some sort of setting(s) that would prevent the users from doing so.

I do realize (and I saw this on other posts in this forum) that it doesn't go along with "safe computing practices" but in some companies (i.e. telecoms) it is often at times cumbersome to lock down certain departments (RF engineers, field crews, etc.) especially when these departments are in direct contact with vendors, etc.  I can restrict with a Group Policy the "Install with Elevated Privileges" settings but many applications are hard-coded to require an administrator installing the software.

I saw that Sophos Professional Services can assist with this type of configuration but in my honest opinion this is something that should be included in an enterprise class endpoint solution.  I also may be searching on the wrong keywords so if there is an article / suggestion on how to accomplish this please steer me in the correct direction.

Thanks!

  • Hello froggy,

    just in case - I'm not Sophos (and I don't want to give the impression that they are [not] interested in hearing constructive criticism).

    At a certain point the MORE of something enters the zone of diminishing marginal utility. Locking the front door is good practice and the costs are minimal - it doesn't make much sense though to install a triple-lock burglary-resistant security door when you have a glass front in the back.

    I've said it several times before - if you have users who have to be admins and who have to be kept from fiddling with AV (and security in general) you have an educational problem - one that has a vast impact on security and that can't for the most part be solved by technology.

    (Near) real-time monitoring of an endpoint's health and integrity is a technology sector in its own right and goes beyond simple management. It'd not only require a lot more resources (and intelligence) on the server side but also significant development effort to make it watertight ... though then it could be used for general monitoring as well.  If one needs something like this one probably has it already.

    Christian
