Endpoint Tamper Protection Hardening

Can endpoint tamper protection be hardened in a way that the user (even an administrator) does not have the ability to disable Sophos services, rename the Sophos directory structure, or even delete Sophos registry keys?

All this will add optimal protection against tampering by not allowing anyone to uninstall Sophos, even with administrative privileges.

22 votes
    james burchell shared this idea

    3 comments

      • Clint Harris commented

        I 100% agree and I can't believe, 2 years later, that this isn't the way the product works yet. Other AV vendors work in exactly this way. Using the argument "if you don't trust administrators don't give them that access" is asinine. Why have tamper protection prevent an uninstall then? I'm sure every virus writer out there knows that all they need do is stop the Sophos service to evade detection.
        It should be more difficult to evade the endpoint protection - regardless of who you are. If an administrator needs to work on the agent, then they can use the password.
        If I had the option (and if we do) I'd choose a different vendor based on this alone.
        My guess is that voting in here is futile.
