Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 858 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

manual enhanced tamper protection?

Don Davidson

Is there set of registry permissions we can manually enabled on a server 2008 server that would mimic enhanced protection?  



This thread was automatically locked due to age.
Parents
  • 0

    You shouldn't be able to tamper with Sophos given the default permissions as a non-admin.

    Enhanced Tamper Protection goes someway to blocking even administrative users from tampering when enabled as it uses a driver (sophosed.sys) to filter registry, file operations, etc, to block untrusted processes from making changes.

    I don't see how you could do much to mimic this.  Using group policy to control services might be one thing you could look into.  Maybe use restricted groups to ensure only certain users are members of the local sophos groups, etc.

    Regards,

    Jak

Reply
  • 0

    You shouldn't be able to tamper with Sophos given the default permissions as a non-admin.

    Enhanced Tamper Protection goes someway to blocking even administrative users from tampering when enabled as it uses a driver (sophosed.sys) to filter registry, file operations, etc, to block untrusted processes from making changes.

    I don't see how you could do much to mimic this.  Using group policy to control services might be one thing you could look into.  Maybe use restricted groups to ensure only certain users are members of the local sophos groups, etc.

    Regards,

    Jak

Children
No Data
Unfiltered HTML