This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console questions

I am currently testing SEC, but am having no luck getting some questions answered.

1. Can you (and if so how) change what users can access on the AV clients. At the moment they can cancel scans, delete quarantined files etc, can i limit that

2. I know that a SEC policy can block progrmas running is there anyway to remove programs using a SEC profile, or does it have to be done manually

3.Can i use SEC to uninstall the AV client from a single computer or a group of computers

Any help would be great as i am trying to decide if this is the right product for our company

:732


This thread was automatically locked due to age.
Parents
  • #2 It depends on the item detected and the IDEntity Sophos provides for that item!  For example, if a PUA was detected (take NetCat in this instance) Sophos would be able to detect it, stop it from executing and includes a clean up action (which is to purge the file).

    However, for most Controlled Applications, we are unable to remove these applications due to legal ramifications.  As an example, most controlled applications, when installed by the user, have an EULA.  If we were to remove these applications without user consent, we could breach this EULA and expose Sophos to legal action!!!  As such, we detect and generate alerts and can even prevent execution of these items, but, they will need to be removed in a manual way.

    #3 SEC has the Third Party Security Software detection and removal tool built in, which can assist in migrating from one security product to Sophos.  This will not remove Sophos, you need to do this via Add/Remove programs or script and call the GUID of Sophos and its components via MSIEXEC.

    Hope this helps.

    :738

    ==

    When in doubt, Script it out.

Reply
  • #2 It depends on the item detected and the IDEntity Sophos provides for that item!  For example, if a PUA was detected (take NetCat in this instance) Sophos would be able to detect it, stop it from executing and includes a clean up action (which is to purge the file).

    However, for most Controlled Applications, we are unable to remove these applications due to legal ramifications.  As an example, most controlled applications, when installed by the user, have an EULA.  If we were to remove these applications without user consent, we could breach this EULA and expose Sophos to legal action!!!  As such, we detect and generate alerts and can even prevent execution of these items, but, they will need to be removed in a manual way.

    #3 SEC has the Third Party Security Software detection and removal tool built in, which can assist in migrating from one security product to Sophos.  This will not remove Sophos, you need to do this via Add/Remove programs or script and call the GUID of Sophos and its components via MSIEXEC.

    Hope this helps.

    :738

    ==

    When in doubt, Script it out.

Children
No Data