0 Replies Latest reply on Jun 24, 2016 12:11 PM by Regis

    Collector agent: 'disable UAC' as a requirement?

    Regis

      Greetings,

       

      Perusing  https://kc.mcafee.com/corporate/index?page=content&id=KB74847&actp=LIST to prepare for some collector agent and installs, and one bit of pre-req caught my eye: 

       

      SIEM Collector and MSI prerequisite requirements on Windows systems

      • Microsoft .NET Framework 3.5 is required to install this component; the Microsoft .NET Framework 4.0 will not work. To download the .NET Framework, go to http://www.microsoft.com/downloads/en/details.aspx?FamilyId=333325fd-ae52-4e35-b531-508d977d32a6&displaylang=en.
      • You cannot install Microsoft .NET Framework 3.5 on Windows ME, Windows NT 4.0, Windows 2000, or earlier. However, these systems can be remotely monitored by the Collector. See the Remote Host section in the readme file for details.
      • You must use a Windows service account to run the Collector service. This account must have Local Administrator rights on the systems where the agent will be installed.
      • Turn off the User Access Control (UAC) setting on Windows 7 and Windows 2008 systems (Control Panel, User Accounts, Turn User Account Control on or off).

      Q: Is this something that only needs to be done during installation, or do we seriously have the dreaded "security control requires neutering one of the better OS-level improvements to security Microsoft made in 2008R2 and Win7" as an operational requirement as well?

       

      Thanks for any insight or advice on this front. I'm migrating to collectors for this task to get rid of having an unrestricted administrator account polling WMI remotely, and having to disable OS-level security controls to do security monitoring makes me weep.

       

      Best Regards,

      R