cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
vandreytrindade
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 5

Deny framework from being uninstalled...

Hi,

I'm using ePO to manage VirusScan on the computers in my organization.

All users have administrator rights in the machines and they are able to uninstall the framework using the command line:

  • "C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe" /forceuninstall

Is there a way to deny framework from being uninstalled that way?

Using policies in ePO... NTFS permissions or something else?

Att,
Vandrey Trindade
4 Replies
wwarren
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Deny framework from being uninstalled...

Yes, but you will unavoidably break something (such as any hopes of upgrading). So this type of action is not supported.

There is a commonly requested product enhancement of wanting to password protect the removal of our software (instead of taking away admin privileges).

But, arguably there's need within companies to monitor and even sanction what users with admin privileges do instead of relying on software to protect itself from administrators. The windows security model means Administrators have full control of everything - all software can do is make it more difficult for them.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
vandreytrindade
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 5

Re: Deny framework from being uninstalled...

Alright...

The problem I'm facing is that the organization have no sanctions for the users who uninstall critical software....

The password protection sounds nice and is something that can be enabled/disabled if the organization wants.

Why McAfee don't give us the option to do it?

Att,
Vandrey Trindade
wwarren
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Deny framework from being uninstalled...

I believe we want to, it's just a question of when. Normally something like this would be considered for inclusion in a future product release, and Support can't provide you much insight into what future products will look like or when they'll be available - at least, not until those releases are closer to an actual release date.

If you have a Support Account Manager (SAM/RSAM), you could ask them about future releases.

I could suggest trying to use VSE's access protection feature to assist you in hindering your admins, but I don't want someone to incorrectly create an AP rule and wind up trashing their network - which is entirely possible with bad AP rules. So, as long as you're careful with the rules and test them thoroughly before rolling them out, it's a plausible solution.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
vandreytrindade
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 5

Re: Deny framework from being uninstalled...

Ok wwarren.

Thanks for your time and patience!

Have a nice day.

Att,
Vandrey Trindade
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community