DeltaSM 0 Posted January 10, 2018 Share Posted January 10, 2018 Hello, We use ESET Endpoint Antivirus on our computers. Some users are Administrators (developers which need full rights) and others are "simple" Users. We did configure parameters of the Endpoint without password so that Administrator users can add some exceptions if needed. We did block some parameters that can't be modified by users even if they're Administrators. Everything is OK except that, if no password is set for parameters, Administrator users can uninstall the Endpoint without any problem. My question is simple: is there a way to block ESET Endpoint Antivirus from being uninstall from an Administrator user without setting a password on the parameter? Is there a way to set a password for software removal only (like ESET Agent)? Regards, DeltaSM Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted January 10, 2018 Administrators Share Posted January 10, 2018 No. ESET products can be uninstalled by users with administrator rights. Only password protection can prevent users from uninstalling the security product. However, there's a possibility to enter override mode if defined by a policy and change settings during a limited time period. Link to comment Share on other sites More sharing options...
DeltaSM 0 Posted January 10, 2018 Author Share Posted January 10, 2018 Hello Marcos, thanks for your answer. Problem is, if override mode is available for users and that password is set, that means users must know the password to access it because it is in the advance setup parameters. If they know the password, they could also uninstall the software. So it's not good in this case. A good feature for the future would be a dedicated password for uninstalling like ESET Agent. Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted January 10, 2018 ESET Staff Share Posted January 10, 2018 @DeltaSM We will track the feature request, for the future version (either a dedicated password or an override started from the main GUI, not from the advanced settings). Ideally both. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted January 10, 2018 Administrators Share Posted January 10, 2018 Please elaborate more on what kind of exceptions administrator users should be able to make so that we better understand your use case and can better address all the inconveniences. Is it only exclusions of files or also something else? Link to comment Share on other sites More sharing options...
jdashn 12 Posted January 10, 2018 Share Posted January 10, 2018 I would guess if the users are admins on their box, they'd be able to startup the computer in safe mode, easily allowing them to run the uninstaller tool bypassing the password protection as well... if i'm not mistaken. Link to comment Share on other sites More sharing options...
DeltaSM 0 Posted January 11, 2018 Author Share Posted January 11, 2018 @MichalJ: It will be nice! Thanks a lot for the feature request! @jdashn: Silly question: why is password bypassing easy in Safe Mode? @Marcos: we didn't password protected our parameters because our administrators to add exceptions for SSLfiltering for example. This is the main reason: if they connect a device with a self-signed certificate, they can't connect to it without the possibility of adding exceptions.All the other settings are locked. ESET solutions are very good but I think there are lots of improvements to do on the user side. Admin should device or not if users can add their on own exceptions/exclusions. I know this is feasible but you have to set no password or either don't set exclusion policies (which is set in our case). I know that it would be improved in the next release Link to comment Share on other sites More sharing options...
jdashn 12 Posted January 11, 2018 Share Posted January 11, 2018 @DeltaSM There is an application provided by eset "Eset Uninstaller Tool" https://support.eset.com/kb2289/?locale=en_US it allows you to easily uninstall ESET without a password. Works in safe mode only IIRC. There was a previous version of the tool that worked quite well outside of safemode to remove eset installs (still works, we use it, but you can't find the download for it anymore). When it comes down to it, if someone is an admin (administrator group on a windows box) on a computer, they can do whatever they want, really. Only way to stop that is to show your devs how to do their job with-out admin rights on their login account, or a set of super strong policies that are enforced (and monitored) and a HR department prepared to fire folks for breaches of that policy (IE. you uninstall your Virus scanner we will fire you, and a script that checks for said software, reports violations). At least that's been my experience. Jdashn Link to comment Share on other sites More sharing options...
DeltaSM 0 Posted January 12, 2018 Author Share Posted January 12, 2018 Hello Jdashn, Thanks for the explanation. Unfortunately, the use of non-admin rights seems pretty impossible in our case. We have already policies that are more and more strong and we also try to raise awareness among our HR department... Life is not simple for an IT department Regards, DeltaSM Link to comment Share on other sites More sharing options...
Recommended Posts