4 Replies Latest reply on Feb 19, 2009 3:36 AM by noobav

    Access protection user-defined rule doesnt work !

      Whilst trying to get access protection user defined rules working and finding them removed by my Epo agent i then removed the epo agent from my computer with frminst.exe /remove=agent

      But the rules still dont work. For example when i add a user defined rule to stop files from running from USB drives like e:\*.* The rule works once but when i reboot or remove and add the USB again the rule although still present in the console doesnt work.

      Is it because something is left over from the Epo Agent ?

      is there some registry setting i can change ?

      im using 8.5i with patch 7

      Thanks
        • 1. RE: Access protection user-defined rule doesnt work !
          tonyb99
          so you have broken your AV installation by removing the agent so you will no longer get updates/patches/DATs?

          are you just trying to prevent autoruns from devices?

          if so what os are you running as you do this with the OS not VSE
          • 2. RE: Access protection user-defined rule doesnt work !
            I realise I've probably done something stupid but what happened was we had virusscan 8 and updates stopped working so epo agent was installed to update the package to 8.5 but it wiped out the local user-defined rules i had.

            so thats why i unistalled the agent (i thought it could be uninstalled without breaking av), i have now reinstalled the updater part with frmpkg /install=updater

            I want updates i just dont want epo rules overriding rules i create on my machine.

            I'm running xp sp2

            so basically the rule i created was e:\***.swf now no longer works after the agent upgraded me to 8.5i.

            its to stop swf files running from USB.
            • 3. RE: Access protection user-defined rule doesnt work !
              tonyb99
              The epo policies will override any local policies unless this has been switched off from the epo console for the machine.

              Have you tried asking the epo admin for an e drive rule?
              • 4. RE: Access protection user-defined rule doesnt work !
                Thanks for your help on this Tony i know you are right i just didnt want to trouble the epo admin although i am pretty sure uninstalling the agent now prevents policies from overriding what i do locally, as without the agent av cant talk to the their epo server anymore and have stuff wiped out every 5 minutes or whatever it is. Only trouble is now access protection user defined rules dont work properly.

                the main reason i didnt want to trouble them is because i didnt know whether they could add an e rule just for me and certain workstations at my site. As against adding it to all the other sites they send the policies down to ?

                i know they are very busy as well and i wanted a quick fix really but i suppose the quick and easy path leads to the darkside eh ?