windows firewall and endpoint protection - assurances they cannot be modified.

pma111
pma111 used Ask the Experts™
on
We need some assurance end users (who dont have local or domain admin rights) cannot amend local AV or Firewall settings. The AV is system centre endpoint protection. If they dont have local admin permissions over their laptop/desktop - is that 100% compliance they cannot amend these settings, or are there other avenues we need to test - if so what clever workarounds/tricks could a malicious user attempt to amend the firewall/AV? I did read about techniques such as NET STOP but surely for that to work still depends on permissions? these are windows 7 devices.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
Commented:
Normal users cannot influence system wide settings. That holds true for firewall settings, AV settings, user accounts, security settings and so on.
I cannot speak for any AV product in the world since there might be 1 in 1000 that has a design flaw, but surely I can speak for the windows firewall. Go and test out what you user can do within AV settings. I could only guarantee that normally, no AV settings can be changed (with any AV I knew for the past 16 years).

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial