4 Replies Latest reply on Feb 19, 2009 3:36 AM by noobav

    Access protection user-defined rule doesnt work !

      Whilst trying to get access protection user defined rules working and finding them removed by my Epo agent i then removed the epo agent from my computer with frminst.exe /remove=agent

      But the rules still dont work. For example when i add a user defined rule to stop files from running from USB drives like e:\*.* The rule works once but when i reboot or remove and add the USB again the rule although still present in the console doesnt work.

      Is it because something is left over from the Epo Agent ?

      is there some registry setting i can change ?

      im using 8.5i with patch 7

        • 1. RE: Access protection user-defined rule doesnt work !
          so you have broken your AV installation by removing the agent so you will no longer get updates/patches/DATs?

          are you just trying to prevent autoruns from devices?

          if so what os are you running as you do this with the OS not VSE
          • 2. RE: Access protection user-defined rule doesnt work !
            I realise I've probably done something stupid but what happened was we had virusscan 8 and updates stopped working so epo agent was installed to update the package to 8.5 but it wiped out the local user-defined rules i had.

            so thats why i unistalled the agent (i thought it could be uninstalled without breaking av), i have now reinstalled the updater part with frmpkg /install=updater

            I want updates i just dont want epo rules overriding rules i create on my machine.

            I'm running xp sp2

            so basically the rule i created was e:\***.swf now no longer works after the agent upgraded me to 8.5i.

            its to stop swf files running from USB.
            • 3. RE: Access protection user-defined rule doesnt work !
              The epo policies will override any local policies unless this has been switched off from the epo console for the machine.

              Have you tried asking the epo admin for an e drive rule?
              • 4. RE: Access protection user-defined rule doesnt work !
                Thanks for your help on this Tony i know you are right i just didnt want to trouble the epo admin although i am pretty sure uninstalling the agent now prevents policies from overriding what i do locally, as without the agent av cant talk to the their epo server anymore and have stuff wiped out every 5 minutes or whatever it is. Only trouble is now access protection user defined rules dont work properly.

                the main reason i didnt want to trouble them is because i didnt know whether they could add an e rule just for me and certain workstations at my site. As against adding it to all the other sites they send the policies down to ?

                i know they are very busy as well and i wanted a quick fix really but i suppose the quick and easy path leads to the darkside eh ?