This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Updates changing UAC and ACL in Windows?

A customer of ours has about 300 endpoints.  50 of these have some very specific UAC and ACL configurations in Windows.  When we initally rolled out Sophos, these settings were reversed even though we have GPO setting this stuff up.  Well, GPO never set it back up and we had to manually resolve.  After this recent update, 10.8.1, it seems to have reverted again!

Has anyone else encountered things like this before?  Our customer is ready to say Uninstall Sophos.  These are critical machines that Sophos is breaking.  I need to come up with another solution instead of Uninstall.

I have opened a ticket but have yet to even receive the automated email confirmation.  May have to open it again.



This thread was automatically locked due to age.
Parents Reply Children
  • Sadly, I would consider this software Legacy as the UAC breaks this software.  Additionally, the users have to run this software as Admin with special command line parameters.  the Windows ACL that I mentioned is due to the user also needing write access to a few folders inside of Program Files.

    Horrible programming on their part, I know.  But our customer is quite invested in this software and not using it is not an option.  We would have to ditch Sophos before they ditched this software.

    I am going to look into the Application Compatibility Toolkit to see what it can do for us...  But I am fearing we will have to remove Sophos on these PCs, at least until a fix is found...

  • Hello Keith Morris,

    the user also needing write access to a few folders inside of Program Files
    don't have (convenient) access to a Windows endpoint right now but I'll check. Off the top of my head I couldn't say which rights this would be.

    the users have to run this software as Admin with special command line parameters
    You've lost me here. Interaction with this software is, if at all, via the GUI. But maybe I miss which part you are referring to.

    There seems to be some misunderstanding (it could as well be on my part).

    Christian

  • Hello Keith Morris,

    after checking I still don't see what the UAC breaks or that it is modified - could you give details?

    the user also needing write access to a few folders inside of Program Files
    re-reading this part I'm sure I've misunderstood you - you mean that upgrading Sophos resets the ACLs on non-Sophos folders under Program Files (Program Files or Program Files (x86) - under the latter I have folders where users have write access and their ACLs haven't been modified)?

    Christian