How to prevent administrator privileges from stopping F-Secure easily?

I don't know why F-Secure allows an administrator to stop F-Secure related services so easily (e.g. Device Control, F-Secure Management Agent)...

Some viruses or malware have a "watchdog": if process A is terminated by the user, process B will wake it up.

If a virus has this ability, WHY doesn't F-Secure have it?

I think "protecting the F-Secure processes and services" is the most important thing, to keep a virus from stopping it!!

 

1 ACCEPTED SOLUTION

F-Secure Product Expert

Re: How to prevent administrator privileges from stopping F-Secure easily?

Hello MichaelYou,

 

Sorry for the delay in the reply. This is unfortunately due to the nature of the administrator role on Windows. 

 

We therefore advise not giving administrator rights to normal users.



Best Regards

-Ben

_________________________________

Has somebody helped you? Say thanks by giving likes. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.

8 REPLIES 8
Scholar

Re: How to prevent administrator privileges from stopping F-Secure easily?

NOBODY REPLIED? NO SOLUTION?

Scholar

Re: How to prevent administrator privileges from stopping F-Secure easily?

Dear Ben:

Actually, I don't think it is the nature of the Windows administrator that it can stop the antivirus easily!

Antivirus must have Local System permission and should have self-protection to prevent a virus or malware from stopping or terminating it! It is a basic function of antivirus software.

Superuser

Re: How to prevent administrator privileges from stopping F-Secure easily?

Hello,

 

I think antivirus would need to run in kernel mode to be "un-stoppable" by a full admin. This means the computer would go BSOD in case of a software bug or any other problem. F-Secure used to run in the kernel many years ago, but was rewritten to be user-space software as much as possible, because users are concerned about system stability before security. I think only small parts of the F-Secure proprietary personal firewall in FSAVCS and FSAV PSB run in kernel mode nowadays.

 

On the other hand, for most antivirus software, the vendors (including F-Secure Corp.) release well-known standalone utility programs to uninstall their protection suites. Even if the protection was proof against admin-stopping, the uninstallation would need to be password protected to make unauthorized use of the uitool util impossible. Such per-computer password management would be complicated for a company or enterprise customer. If the password is static, it will be post-it noted on the coffee machine after a few days, that's the nature of things.

 

But I think adding the password based uninstall-prevention method is worth considering, if it could be integrated with FS Policy Manager and PSB Portal.

 

Best Regards: Tamas Feher, Hungary.

Scholar

Re: How to prevent administrator privileges from stopping F-Secure easily?

Dear etomcat:

Thanks for your reply.

I think antivirus is "security software", and viruses and malware increase very fast every day.

I know that most antivirus vendors' scan engines run in kernel mode.

In my experience, most viruses from China run in kernel mode too!

Therefore, if F-Secure runs in user mode for reasons of system stability, an F-Secure process or service can easily be stopped if a virus has admin permission.

We have over 2500 computers using F-Secure products in my company.

I hope F-Secure will face and solve this problem ASAP.

Scholar

Re: How to prevent administrator privileges from stopping F-Secure easily?

Dear Ben:

I think your reply is not a solution, because it's IMPOSSIBLE to give everyone only "Normal User" permission in my company, or even in others.

We have over 2000 employees using F-Secure products and most users are "Normal users", but some managers have "Administrator permission".

 

 

F-Secure Product Expert

Re: How to prevent administrator privileges from stopping F-Secure easily?

Thank you for the feedback.

 

You can always make your request more visible by posting it to the Feature Requests board or commenting on the already suggested ideas going in the same direction. 



Best Regards

-Ben

F-Secure Product Expert

Re: How to prevent administrator privileges from stopping F-Secure easily?

Even though it's some time ago, someone wrote something within this topic...

Within AD you can easily create a GPO to change Administrators' rights to prevent them from stopping F-Secure services. Just create a new GPO and change the permissions for the F-Secure services (sorry, only German screenshots...):

Dienstauswählenundbearbeiten.png

DienstBearbeiten.png

AdminRechteNehmen.png

 

With read access only, even an admin will receive Error 5 (Access Denied).
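
An added example, not part of the original thread and not F-Secure code: a small Python audit that reads a service security descriptor in the SDDL form printed by `sc.exe sdshow <service>` and reports which tamper-relevant rights Built-in Administrators (`BA`) still hold after a permission change like the one in the last post. The three descriptors are constructed samples, and the parser assumes two-letter right codes (no hex access masks).

```python
import re

# SDDL two-letter right codes as they apply to Windows service objects.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
ALL_RIGHTS = set(SERVICE_RIGHTS.values())
# Rights that let a trustee stop, reconfigure or delete the service,
# or rewrite its ACL and hand those rights back to itself.
TAMPER = {"STOP", "PAUSE_CONTINUE", "CHANGE_CONFIG", "DELETE",
          "WRITE_DAC", "WRITE_OWNER"}

# Constructed samples in the format printed by `sc.exe sdshow <service>`.
DEFAULT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
           "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
READ_ONLY = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;BA)"
STOP_REMOVED_ONLY = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPLOCRRCWDWO;;;BA)"

def effective_rights(sddl, trustees):
    """Rights the DACL grants to any SID in `trustees` (the first matching
    ACE decides each right, as in a Windows access check)."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if dacl is None:
        raise ValueError("no DACL in SDDL string")
    decided = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")  # type;flags;rights;object;inherit;sid
        if len(fields) < 6 or fields[0] not in ("A", "D") or fields[5] not in trustees:
            continue
        for code in re.findall("..", fields[2]):
            names = ALL_RIGHTS if code == "GA" else {SERVICE_RIGHTS.get(code, code)}
            for name in names:
                decided.setdefault(name, fields[0] == "A")
    return {name for name, allowed in decided.items() if allowed}

def tamper_rights(sddl, trustees=("BA",)):
    """Sorted list of tamper-relevant rights still held by `trustees`."""
    return sorted(effective_rights(sddl, set(trustees)) & TAMPER)

if __name__ == "__main__":
    for label, sd in [("default", DEFAULT), ("read-only", READ_ONLY),
                      ("stop removed only", STOP_REMOVED_ONLY)]:
        print(f"{label:18} BA can still: {tamper_rights(sd) or 'nothing flagged'}")
```

A descriptor that removes `STOP` but leaves `WRITE_DAC` or `WRITE_OWNER` with Administrators is still flagged, because those rights allow the same account to rewrite the service ACL.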