locked
Tamper protection in Forefront Client Security

  • Question

  • We are planning on using Forefront for our AV/anti-malware/endpoint protection. We are currently using Symantec SEP. One nice thing about SEP was the ability to prevent users from tampering with the settings we push out. We really don't want them to be able to remove the app (they have local admin privileges on the workstation), nor do we want them to be able to stop the service. I found a link (http://blogs.microsoft.co.il/blogs/yanivf/archive/2009/01/09/temper-protection-in-forefront-client-security.aspx) that is titled Tamper Protection in Forefront Client security. It details protecting Forefront Client Security Services from being stopped and How to prevent Forefront Client Security Services from being installed. It was for Forefront Client Security Services 2012. Will this keep people from stopping or removing Forefront Client Security Services? Is there a different way to do it with Forefront 2012 or is the idea the same? Thanks!
    Thursday, March 28, 2013 2:57 PM

All replies

  • Hi,

    Thank you for the post.

    I have replied to you in this thread and would like to suggest that we follow up on this issue there: http://social.technet.microsoft.com/Forums/en-US/FCSNext/thread/3f102148-8bcf-488d-98ed-82e5966d138e

    Regards,


    Nick Gu - MSFT

    Friday, March 29, 2013 5:20 PM
  • Thanks for the info. That covers half of what I need to know. The second part is how to stop local admin users from uninstalling the client. I know you can remove the permissions on the uninstall on the client for the local admin in the registry. And I assume you have to remove the uninstall.exe (or hide it) to make sure. But will an update where a new client is installed put this information back on the client and defeat the purpose?

    Thanks for pointing in the right direction.

    Tuesday, April 2, 2013 4:02 PM