My users are local admins and are easily able to uninstall Virus Scan Enterprise. How can I set up an alert to notify me when this occurs? Better yet, is there a way to prevent this completely in ePO? I haven't figured out a way to accomplish this..
I have the 'prevent modification' and 'prevent termination' policy settings enabled but this alone does not seem to stop someone with local admin from simply uninstalling VSE.
Advice? Thank you!
you can protect the uninstallation of VSE by using a password.you can enable the password options by going to general option policies |password options
Thanks to you both for the suggestions. The reason for my post is that I have already set a password in the VSE general options policies and I have also enabled the appropriate block settings in the access protection policies/common standard protection settings, and I have also checked the 'prevent mcafee services from being stopped' option.
This is still not preventing a local administrator from simply uninstalling the software. I am definitely sure the VSE UI is locked down accordingly, and local admin users are not able to manually start/stop services using the services console, however they are still able to remove the VSE software from programs and features with no trouble at all, and no password prompt.
Is there anything I could possibly be overlooking?
You could use a MID (McAfee Insatallation designer) and create a package customized that VSE is not visible in add/remove programs, so they could not uninstall as I believe they dont have permissions to uninstall from registry keys.To download the MID you can do it from Mcafee download site with your VSE license.
In case that they have permissions to access to the registry, you can apply the following:
To make sure that VSE is running you have a query in VSE 8.8 patch 3 or later to see if OAS (On Access Scanner) is running, thet you can run from ePO.
I hope this help you to do what you looking for