This content has been marked as final. Show 2 replies
We have our Console locked and have our tech's type in the password to unlock the console. Then they can disable whatever they wish. Only issue is the policy enforcement interval (Default is 5 minutes), it will turn everything back on.
If you want to give your tech's the ability to have it off longer, then you could either change the policy enforcement to longer or change the access protection policy to allow the framework service to be turned off. (Prevent McAfee services from being stopped.) Then the tech's could stop the framework service resulting in no policy enforcement. Then disable any options in the console....
I think those are your options.
So if they had the ability to disable the framework service and you are no longer able to enforce policies. How would you restore that ability? Force install the agent on non-compliant systems? Or walk around and manually re-enable the framework service?
What about an audit log of when the service was disabled to match to a user login in the event log? So I have something to show management to justify not giving them the ability to disable AV. :D
I know it’s sad that I have to babysit and worry about Tech's & Programmers doing things like that but I do.