On running some tests to confirm that Access Protection is working, I have attempted the following:
1) Manual change of agent.ini from Notepad. Access is denied, and the violation attempt is logged in AccessProtectionLog.txt.
2) Manual change of AccessProtectionLog.txt results in firstly 'the process cannot access the file because it is being used by another process'. Click OK, and save as AccessProtectionLog.txt allows me to write to the file.
I would have thought that the AccessProtectionLog.txt file would be included in the Access Protection - is this by design? I appreciate that the logs get sent through to the ePO server, but in the case of that communication not being available, wouldn't this be thought of as a security issue? The same test (2) was run successfully for all files in %DEFLOGDIR%.
All components running on same server:
ePO 4.6.1 (build 1192) running on Win2k8R2 Standard SP1
Buffer Overflow and Access Protection DAT 588
I'm inclined to agree. We shouldn't allow users to succeed in doing that, if we can stop them.