Is there a way to prevent a service from being turned off, including admins?

jonw757

Just wondering, I've been trying to find some way of doing it and can't come up with anything. We have an issue where developers will shut off their antivirus to "improve" PC performance. Due to workplace politics, the worst thing I can do is tell them not to do it, and then they do it again anyway.

The A/V, eTrust 7, god I hate it, allows you to make it so they can't shut the software off, but they can still disable the service if you're an admin.

Also is it possible to do a realtime search of services to see if anyone has it disabled? Thanks!!
 
It's a non-technical solution, but I would make up a list of guidelines for computer usage, such as running an up-to-date A/V package, and threaten termination if they don't comply. We use Symantec Corporate, and if your machine is out of date or doesn't have it installed (and running) you're dropped off the network.
 
You could ask Sony to borrow their rootkit so you can hide it completely. :D

As far as the guidelines go, most programmers (I've ever met anyway) think they're better than everyone :rolleyes: and wouldn't follow them anyway.
 
djnes said:
It's a non-technical solution, but I would make up a list of guidelines for computer usage, such as running an up-to-date A/V package, and threaten termination if they don't comply. We use Symantec Corporate, and if your machine is out of date or doesn't have it installed (and running) you're dropped off the network.


Ditto... or just make them standalone machines and completely isolate them from the internet.
 
Asking them or threatening with termination won't happen, I need a forced way to do it. They won't get fired no matter what.. :(
 
Domain policies allow you to set permissions on services.......... ;)

I'd do some serious testing in a "lab" before deploying to production workstations.
 
Can't you install Symantec on a server, then install it in managed mode on all the PCs? Here at work we have Symantec and there's no way to turn off the real-time file system protection from the PC's end.
 
SJConsultant said:
Domain policies allow you to set permissions on services.......... ;)

I'd do some serious testing in a "lab" before deploying to production workstations.

Cool, didn't know that.. Problem is our server AV is different than our desktop AV.. any way around that?

Slartibartfast said:
Can't you install Symantec on a server, then install it in managed mode on all the PCs? Here at work we have Symantec and there's no way to turn off the real-time file system protection from the PC's end.

Yes, we were on Symantec a couple of years ago, then for whatever reason they switched to eTrust; now we are going to recommend going back to Symantec.
 
Deny them admin access, since they shouldn't need it anyway? There is no way to circumvent it, as a local admin can go and just patch the circumvention mechanism.



This posting is provided "AS IS" with no warranties, and confers no rights.
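
The service permissions mentioned in the thread live in a security descriptor on each service, which `sc.exe sdshow <service>` prints as an SDDL string. As an added example (not posted by anyone in the thread), this Python script audits such a string and lists which trustees can stop, reconfigure or re-permission the service; the function names and both sample descriptors are constructed for illustration.

```python
import re

# Service meaning of the SDDL right codes that matter for tamper resistance.
RISKY = {"WP": "stop", "DC": "change config (e.g. set start type disabled)",
         "SD": "delete", "WD": "rewrite DACL", "WO": "take ownership"}
# Generic rights expand to these service rights (GA = full control).
GENERIC = {"GA": set(RISKY), "GW": {"DC"}, "GX": {"WP"}}
TRUSTEES = {"BA": "Administrators", "SY": "SYSTEM", "IU": "Interactive users",
            "SU": "Service logon", "AU": "Authenticated Users", "BU": "Users"}

def risky_rights(rights):
    """Split 'CCLCSWRPWP...' into 2-letter codes and keep the risky ones.
    Hex masks (0x...) are not handled in this example."""
    codes = set(re.findall(r"[A-Z]{2}", rights))
    for generic, expanded in GENERIC.items():
        if generic in codes:
            codes |= expanded
    return codes & set(RISKY)

def audit_service_sddl(sddl):
    """Return {trustee: sorted risky rights} granted by the DACL.
    Simplification: deny ACEs are subtracted per trustee only; group
    membership is not resolved. The SACL (S:) part is ignored."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        return {}
    allow, deny = {}, {}
    for ace in re.findall(r"\(([^)]*)\)", m.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        ace_type, _flags, rights, _obj, _inh, sid = ace.split(";")[:6]
        bucket = allow if ace_type == "A" else deny if ace_type == "D" else None
        if bucket is not None:
            bucket.setdefault(sid, set()).update(risky_rights(rights))
    return {TRUSTEES.get(sid, sid): sorted(r - deny.get(sid, set()))
            for sid, r in allow.items() if r - deny.get(sid, set())}

# Constructed samples: a typical default-style descriptor, and one where
# stop/change-config/delete were removed from Administrators.
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
                "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
HARDENED_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPLOCRRCWDWO;;;BA)"
                 "(A;;CCLCSWLOCRRC;;;IU)")

if __name__ == "__main__":
    for name, sddl in (("default", DEFAULT_SDDL), ("hardened", HARDENED_SDDL)):
        print(name, audit_service_sddl(sddl))
```

In the hardened sample Administrators still hold WD and WO, so they can rewrite the DACL and grant themselves stop again, which is the limitation the last reply describes.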
 