Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 4 subscribers
  • Views 7910 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Feature Request: Tamper protection for "Sophos Anti-Virus for Linux"

Markus Knappe

We need the tamper protection for our Linux stations, so that our developers cannot uninstall the virus protection. These developers need root privileges and can therefore remove the virus protection at the moment.



This thread was automatically locked due to age.
  • 0

    Hello Markus Knappe,

    any ideas how this could or should be implemented?
    I'm not Sophos (and also not a Linux expert) so I won't comment on it. I think can say something meaningful. 

    Christian

  • 0 in reply to QC

    Hello, Christian,

    I'm sorry, but this is also out of my depth. My Linux knowledge is fundamental and maybe it's not possible under Linux.

     I hope that my question will answer this.

    Best regards,

    Markus

  • 0 in reply to QC

    Hi,

    Such a request would need to come in via support, or directly to Product Management.

    I have no idea how such a thing could be implemented, I suspect any kind of tamper protection would only raise the bar, and make it more likely that SAV would be disabled rather than cleanly uninstalled.

    As long as the user has root access they can disable SAV, e.g. by removing init scripts, that would be hard to prevent. If they have physical access, they could always boot a Live CD to remove/disable SAV even with any kind of Tamper Protection.

    Thanks,

    Douglas.

  • 0 in reply to DouglasLeeder

    Hello Douglas and Markus,

    thought as much. Even on Windows you can disable TP. Linux users with root privileges have presumably more knowledge than your average Windows user with an admin account but perhaps this is changing.
    I always wonder why this want to disable AV? Can't imagine that developers work on low-end systems so performance shouldn't be an issue.

    Christian

Unfiltered HTML