Sophos Updates changing UAC and ACL in Windows?

Hello Keith Morris,

first of all, which product (SESC, Central, ...)?
Off the top of my head - certain Windows Security Options are reset during remediation (cleanup in response to a detection). I'm not aware that updating would modify global settings, but certain product related settings are set to their intended values. Actually install or update fails if settings aren't as expected (e.g. permissions on HKLM\Software).
Can you disclose which settings these are?

Christian

See here:

https://community.sophos.com/kb/en-us/118583

https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/90238/window-security-options-being-reset-during-remediation

Regards,

Holger

Sadly, I would consider this software Legacy as the UAC breaks this software.  Additionally, the users have to run this software as Admin with special command line parameters.  the Windows ACL that I mentioned is due to the user also needing write access to a few folders inside of Program Files.

Horrible programming on their part, I know.  But our customer is quite invested in this software and not using it is not an option.  We would have to ditch Sophos before they ditched this software.

I am going to look into the Application Compatibility Toolkit to see what it can do for us...  But I am fearing we will have to remove Sophos on these PCs, at least until a fix is found...

Sadly, I would consider this software Legacy as the UAC breaks this software.  Additionally, the users have to run this software as Admin with special command line parameters.  the Windows ACL that I mentioned is due to the user also needing write access to a few folders inside of Program Files.

Horrible programming on their part, I know.  But our customer is quite invested in this software and not using it is not an option.  We would have to ditch Sophos before they ditched this software.

I am going to look into the Application Compatibility Toolkit to see what it can do for us...  But I am fearing we will have to remove Sophos on these PCs, at least until a fix is found...

Why don't you apply the registry value that is listed here ?

https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/90238/window-security-options-being-reset-during-remediation

It is the fix that you are looking for.

Hello Keith Morris,

the user also needing write access to a few folders inside of Program Files
don't have (convenient) access to a Windows endpoint right now but I'll check. Off the top of my head I couldn't say which rights this would be.

the users have to run this software as Admin with special command line parameters
You've lost me here. Interaction with this software is, if at all, via the GUI. But maybe I miss which part you are referring to.

There seems to be some misunderstanding (it could as well be on my part).

Christian

Hello Keith Morris,

after checking I still don't see what the UAC breaks or that it is modified - could you give details?

the user also needing write access to a few folders inside of Program Files
re-reading this part I'm sure I've misunderstood you - you mean that upgrading Sophos resets the ACLs on non-Sophos folders under Program Files (Program Files or Program Files (x86) - under the latter I have folders where users have write access and their ACLs haven't been modified)?

Christian