RedLine 0 Posted March 21, 2016 Posted March 21, 2016 I want to secure Endpoint settings with password but get permissions for users, for example, to disable AV protection for 5 minutes or 15 minutes. Is it possible?
21jags 0 Posted March 21, 2016 Posted March 21, 2016 When you set password for advance setup setting access, it will always prompt to enter the password to disable the AV. You can mention the reason why you want to disable the AV.
RedLine 0 Posted March 21, 2016 Author Posted March 21, 2016 When you set password for advance setup setting access, it will always prompt to enter the password to disable the AV. You can mention the reason why you want to disable the AV. Sometimes users thinking that AV blockes Internet or some program. I want to give users permission just disable antivirus for 5 minutes.
ESET Staff MichalJ 434 Posted March 21, 2016 ESET Staff Posted March 21, 2016 As of now, this is not possible. User needs to have administrative privileges, to be able to disable, and they have to know the password. But you can´t define a "override list", with granular settings for each user. We are working on changes of this behavior, however it was never before required to allow disabling only to some extent.
tmuster2k 22 Posted March 21, 2016 Posted March 21, 2016 As of now, this is not possible. User needs to have administrative privileges, to be able to disable, and they have to know the password. But you can´t define a "override list", with granular settings for each user. We are working on changes of this behavior, however it was never before required to allow disabling only to some extent. I had customer log out of standard user account and log in with domain admin credentials and the settings were still locked. How can you get access to these settings ?
ESET Staff Gonzalo Alvarez 66 Posted March 21, 2016 ESET Staff Posted March 21, 2016 Hi @RedLine, Aside what you ask, give the Users the ability to disable the antivirus protection because "they think" or "perhaps is the antivirus blocking" is not good. Is a security risk from my point of view. If you are in charge of the security of the company, you should know what programs are running and who has the in/out permissions of the network. For me is like a monkey with a dynamite cartridge in one hand and a cigarette lighter in the other.
ESET Staff MichalJ 434 Posted March 22, 2016 ESET Staff Posted March 22, 2016 The only way, how you can disable the AV locally, is via the setup screen. Settings in advanced settings (F5 menu) are under control of ERA, meaning if a setting is enforced by ERA policy, in current implementation it is not possible to change it locally, even when user has administrative account. However, you can temporarily disable AV in the setup pane. But as Gonzalo said, this is not recommended.
Recommended Posts