Endpoint security client lockdown

Hi,

There are a few things you can do to provide some form of lockdown.

1. Hide the AutoUpdate tray icon:

HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\HideTrayIcon = 1

The next time Almon.exe starts it will not be visible in the tray.  The process will continue to run howerver you will loose balloon messages.  This may be something you want to try.

2. Remove the user(s) from all of the local Sophos security groups on the clients, namely:

"SophosAdministrator"

"SophosPowerUser"

"SophosUser"

3. As I mentioned in another post, maybe consider setting up a software restriction policy in AD.

Just preventing SAVmain.exe from being run could be an option.

I hope these suggestions help to keep your settings intact.

Thanks

Any type of software restriction ideas for an eDirectory environment?

Don't want to hide the icon for support/troubleshooting efficiency.

Or just a way to disable or password protect the Configure menu, settings, options?

I am testing your #2 solution and found that it pulls the users from the Users group on the computer before installation. 

I am going to try a script that removes those accounts from the SophosUser group. 

If all goes well I will use Group Policy to remove all accounts from that group.

Thank you,

Jason

Hello Jason,

it pulls the users from the Users group on the computer before installation

For the sake of completeness: The local built-in INTERACTIVE and Authenticated Users and the domain\Domain Users and domain\SophosDomainUser groups as well.

Christian

I have a script that I used for testing and if people are interested I can post it here?

Thanks,

Jason

I would like the opportunity to see what you have created already. You could save me some time.