
Sophos Enterprise Console questions

I am currently testing SEC, but am having no luck getting some questions answered.

1. Can you (and if so, how) change what users can access on the AV clients? At the moment they can cancel scans, delete quarantined files, etc. Can I limit that?

2. I know that a SEC policy can block programs running. Is there any way to remove programs using a SEC profile, or does it have to be done manually?

3. Can I use SEC to uninstall the AV client from a single computer or a group of computers?

Any help would be great, as I am trying to decide if this is the right product for our company.

:732


This thread was automatically locked due to age.
  • Answer to #1 - need to take the user out of the SophosAdministrators group on the local computer. I was given a Word doc on how to perform this automatically with group policy. If you want, I can forward it.

    2 and 3 - not sure.

    :733
  • #2 It depends on the item detected and the IDEntity Sophos provides for that item! For example, if a PUA was detected (take NetCat in this instance), Sophos would be able to detect it, stop it from executing, and include a clean-up action (which is to purge the file).

    However, for most Controlled Applications, we are unable to remove these applications due to legal ramifications. As an example, most controlled applications, when installed by the user, have an EULA. If we were to remove these applications without user consent, we could breach this EULA and expose Sophos to legal action!!! As such, we detect and generate alerts and can even prevent execution of these items, but they will need to be removed in a manual way.

    #3 SEC has the Third Party Security Software detection and removal tool built in, which can assist in migrating from one security product to Sophos. This will not remove Sophos; you need to do this via Add/Remove Programs or script and call the GUID of Sophos and its components via MSIEXEC.

    Hope this helps.

    :738

    ==

    When in doubt, Script it out.

  • This was going through the sales guy who wants our company to buy the product. I asked if he could provide a tech email address as a point of contact, but he wanted it to go through him.

    :747
  • @curado is there any way you could send that to me? Thanks.

    :748
  • Hi SysTech,

    We've had a couple of requests to add application removal to Application Control and it is something listed within our feature request database. The challenge is that we now "control" over 500 applications, so adding automated removal for these applications (and testing it) is not an insignificant task. Our view up to now has been that as all controlled applications are "legitimate" they are usually straightforward to remove via add / remove programs - although I can appreciate that this would be even easier if it was automated! Where possible the identities used in application control will attempt to block both the installer and main executables for applications, so this reduces the risk of applications being installed once the policy is in place. If this is not the case for a specific app then email appcontrol@sophos.com or contact Sophos support and we can usually quickly turn around an updated identity.

    On topic #1 there are some enhancements to our "tamper protection" functionality coming in our 9.5 release due later this year. If you want more detail then please speak to your sales account manager.

    Best regards,

    John

    :750
  • Thanks for your reply, I will bear that in mind.

    Another question I have is that some of our workers use Excel to play embedded games. Is there any way to block them using application control (but not banning Excel itself)?

    :762
  • Unfortunately not using Application Control. I'll ask the labs to have a look and see if we can work out a way to achieve it using an AppC identity.

    Best regards,

    John

    :768