cancel
Showing results for 
Search instead for 
Did you mean: 

how to set EPO policy to set the on access scanner read only even the user account has admin privilege

Hi Mcafee Community,

I have inquiry, regarding on how to set up or make EPO policy to set the on access scanner read only even the user account has administrator privilege.

Kindly see below screenshot for example:

Screenshot for domain user account with admin privilege.

cid:image002.jpg@01CF49C8.26B7A490

What I want is: this on access scanner will turn into gray out (read only) even my user has admin privilege.

Like the normal user, kindly see below screenshot sample:

Screenshot for domain user account without admin privilege/ normal user.

cid:image006.jpg@01CF49C8.26B7A490

If you have any suggestion on how to meet this requirement kindly give me procedure/steps on how to do it.

Thank you so much!

Best regards,

Ronald

6 Replies

Re: how to set EPO policy to set the on access scanner read only even the user account has admin privilege

This is more a point product question than ePO tbh.

Moving to VirusScan group.

Re: how to set EPO policy to set the on access scanner read only even the user account has admin privilege

The way I do this in my environment is to password protect the VirusScan console.  We've locked out the entire user interface so administrators can't tamper with products settings.  You can, in your particular case, lock out just the OAS section and then nobody can edit it without having the console password (also set in the VS policy in EPO).

See page 21

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22941/en_US/...

Re: how to set EPO policy to set the on access scanner read only even the user account has admin privilege

Hi Rackroyd and Ssumichrast,

Thank you for your replies.

I tried to set password on the EPO Policy. I follow the product guide page 21. But it doesnt take effect.

Still user can Open access scanner.

What iam thinking now is to enable it manually

page 23

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22941/en_US/...

My question now is how to lock McAfee Virusscan User Interface

By script or any useful suggestion? i need to implement it for more than 400+ PC’s

for security reason that user will not be able to change the settings.

Kindly share if you have any suggestion or script on how to possibly do it.

Thank you so much!

Best regards,

Ronald

Re: how to set EPO policy to set the on access scanner read only even the user account has admin privilege

The problem with using a script is the end user will be able to undo the settings themselves if they're an administrator.  You should do this via ePO so that the policy is re-enforced by the MA at enforcement time to make sure your settings are not being tampered with.

Are you configuring password protection on the right tab (ie: on the server tab for servers, workstations for workstations)?

Re: how to set EPO policy to set the on access scanner read only even the user account has admin privilege

Hi Ssumichrast,

Thank you for the prompt response.

Yes iam on the right tab I dont know why my policy didnt take effect even i enforce the policy.

I want to implement this for all workstation, almost all of the user accounts in our environment has domain and local admin priveledge.

We are using EPO 5, kindly see below screenshot.

Do you have any suggestions on how to meet this requirements?

Kindly share thank you so much!

Best regards,

Ronald

Re: how to set EPO policy to set the on access scanner read only even the user account has admin privilege

Hi Ssumichrast/ to everyone,

Do you have script to meet this requirement? kindly share it to me for me to be able to test.

Or do you have any recommendation on how to meet this requirement?

Thank you so much!

Best regards,

Ronald