This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Updates changing UAC and ACL in Windows?

A customer of ours has about 300 endpoints.  50 of these have some very specific UAC and ACL configurations in Windows.  When we initally rolled out Sophos, these settings were reversed even though we have GPO setting this stuff up.  Well, GPO never set it back up and we had to manually resolve.  After this recent update, 10.8.1, it seems to have reverted again!

Has anyone else encountered things like this before?  Our customer is ready to say Uninstall Sophos.  These are critical machines that Sophos is breaking.  I need to come up with another solution instead of Uninstall.

I have opened a ticket but have yet to even receive the automated email confirmation.  May have to open it again.



This thread was automatically locked due to age.
Parents
  • Hello Keith Morris,

    first of all, which product (SESC, Central, ...)?
    Off the top of my head - certain Windows Security Options are reset during remediation (cleanup in response to a detection). I'm not aware that updating would modify global settings, but certain product related settings are set to their intended values. Actually install or update fails if settings aren't as expected (e.g. permissions on HKLM\Software).
    Can you disclose which settings these are?

    Christian

Reply
  • Hello Keith Morris,

    first of all, which product (SESC, Central, ...)?
    Off the top of my head - certain Windows Security Options are reset during remediation (cleanup in response to a detection). I'm not aware that updating would modify global settings, but certain product related settings are set to their intended values. Actually install or update fails if settings aren't as expected (e.g. permissions on HKLM\Software).
    Can you disclose which settings these are?

    Christian

Children