This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Prevent stopping Services for Sophos AntiVirus

Hi all,

i would like to know if it is possible to prevent Users / Admins from stopping the Sophos related Services on a windows machine. I don't mean manipulating or blanking out the services with Micosoft GPOs in an Active Directory Domain. I mean as a feature in the virus scanning client or console.

Other vendors support this feature since a few years (Unauthorized Change Prevention Service) and so it is only possible to stop On Access Scanning if you know the password for the Tamper Protection.

If actual not possible i think it would be a nice feature for future releases.

Thanks and best regards

André Winkler

This thread was automatically locked due to age.

Parents

0 QC over 9 years ago

Hello André,
there's quite a number of threads on this topic (won't repeat my boring answers here and btw I'm not Sophos).
If you have to treat your administrators (users can't stop the service anyway) like malware and protect your endpoints against deliberate and determined disablement of AV by them you have definitely a problem. But I doubt that locking down the service is the answer - not even a partial one. Arms race between you and your users? [oops - I did it again]
:57594
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 9 years ago

Hello André,
there's quite a number of threads on this topic (won't repeat my boring answers here and btw I'm not Sophos).
If you have to treat your administrators (users can't stop the service anyway) like malware and protect your endpoints against deliberate and determined disablement of AV by them you have definitely a problem. But I doubt that locking down the service is the answer - not even a partial one. Arms race between you and your users? [oops - I did it again]
:57594
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data