Endpoint security client lockdown

Hi,

There are a few things you can do to provide some form of lockdown.

1. Hide the AutoUpdate tray icon:

HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\HideTrayIcon = 1

The next time Almon.exe starts it will not be visible in the tray.  The process will continue to run howerver you will loose balloon messages.  This may be something you want to try.

2. Remove the user(s) from all of the local Sophos security groups on the clients, namely:

"SophosAdministrator"

"SophosPowerUser"

"SophosUser"

3. As I mentioned in another post, maybe consider setting up a software restriction policy in AD.

Just preventing SAVmain.exe from being run could be an option.

I hope these suggestions help to keep your settings intact.

Thanks

Hi,

There are a few things you can do to provide some form of lockdown.

1. Hide the AutoUpdate tray icon:

HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\HideTrayIcon = 1

The next time Almon.exe starts it will not be visible in the tray.  The process will continue to run howerver you will loose balloon messages.  This may be something you want to try.

2. Remove the user(s) from all of the local Sophos security groups on the clients, namely:

"SophosAdministrator"

"SophosPowerUser"

"SophosUser"

3. As I mentioned in another post, maybe consider setting up a software restriction policy in AD.

Just preventing SAVmain.exe from being run could be an option.

I hope these suggestions help to keep your settings intact.

Thanks