Re: [NTSysADM] Sophos disables UAC

2017-03-13 Thread Klaus Hartnegg

On 13.03.2017 at 20:50, Kennedy, Jim wrote:

> When you follow through on that article I linked to...to the Sophos
> KB on this.  It appears to only happen when a scan finds something,
> like malware. Then it performs the cleanup function that resets
> this.


It does not reset it, it disables it. And it does not report malware.




RE: [NTSysADM] Sophos disables UAC

2017-03-13 Thread Kennedy, Jim
When you follow through on that article I linked to...to the Sophos KB on this. 
 It appears to only happen when a scan finds something, like malware.  Then it 
performs the cleanup function that resets this.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Klaus Hartnegg
Sent: Monday, March 13, 2017 3:46 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Sophos disables UAC

Several more affected PCs found, but also two counter examples: same Windows, 
same Sophos, but UAC is on. Strange.

-- 
Message sent from a mobile device, please excuse brevity and typos






Re: [NTSysADM] Sophos disables UAC

2017-03-13 Thread Klaus Hartnegg

On 10.03.2017 at 17:24, Klaus Hartnegg wrote:

> Many computers here suddenly have UAC off, and my research points to
> Sophos installer/updater as culprit: UAC stays on when rebooting
> normally, but reproducibly switches to off after a reboot that followed
> an install, uninstall, or larger update of Sophos. Maybe it only happens
> if SRP is turned on. I will continue testing on Monday, but maybe others
> already know more??


Today I reproduced this on another PC, in an almost fresh install of 
Win7 enterprise (only MS-Office and the updates for Windows and Office 
were already installed):


As soon as I install Sophos, wait until it is up to date, and then 
reboot, UAC is off.


If I turn UAC back on, then uninstall Sophos Antivirus and reboot, UAC 
is off again. Uninstalling the other components of Sophos does not 
disable UAC. Probably auto-install of larger Sophos-upgrades also 
disables UAC.


Also interesting: When I enable the group policy "Admin Approval Mode 
for the Built-in Administrator account", then the Sophos installer 
(SophosEndpoint.exe) does not change UAC. But then it also does not 
install the Antivirus component, only the other components (AutoUpdate, 
Endpoint Defense, Network Threat Protection, and System Protection).


On Wednesday I can try in a Win7 with definitely nothing else ever 
installed or configured except Windows updates. I hope that our computer 
center can also reproduce this, and then open a support ticket with Sophos.
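
A before/after check for the reproduction described in this message, as an added example that is not part of the original post. It assumes the standard Windows UAC policy values under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`; the baseline file path and the function names are hypothetical.

```powershell
# Added example: snapshot the UAC policy values before a Sophos install,
# uninstall or update, then compare after the reboot.
# Written for PowerShell 2.0 (the Windows 7 default).
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# EnableLUA = 0 means UAC is off. FilterAdministratorToken backs the policy
# "Admin Approval Mode for the Built-in Administrator account".
$UacValues = 'EnableLUA', 'ConsentPromptBehaviorAdmin',
             'PromptOnSecureDesktop', 'FilterAdministratorToken'

function Get-UacState {
    $props = Get-ItemProperty -Path $UacKey
    $state = @{}
    foreach ($name in $UacValues) {
        # A value that is absent is recorded as $null rather than guessed.
        $state[$name] = $props.$name
    }
    New-Object PSObject -Property $state
}

function Save-UacBaseline {
    # Hypothetical baseline location; any path that survives the reboot works.
    param([string]$Path = "$env:ProgramData\uac-baseline.xml")
    Get-UacState | Export-Clixml -Path $Path
}

function Compare-UacBaseline {
    param([string]$Path = "$env:ProgramData\uac-baseline.xml")
    $before = Import-Clixml -Path $Path
    $after  = Get-UacState
    foreach ($name in $UacValues) {
        # Emit one object per value that changed across the reboot.
        if ($before.$name -ne $after.$name) {
            New-Object PSObject -Property @{
                Value = $name; Before = $before.$name; After = $after.$name
            }
        }
    }
}

# Usage: run Save-UacBaseline before the install; after the reboot run
# Compare-UacBaseline | Format-Table Value, Before, After -AutoSize
```

An empty result means none of the four values changed; a row with `EnableLUA` going from 1 to 0 is the behaviour reported in this thread.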





Re: [NTSysADM] Sophos disables UAC ?

2017-03-10 Thread Erik Goldoff
absolutely it is, prevents elevated actions without at least user
notification and approval

On Fri, Mar 10, 2017 at 11:41 AM, James M. Pulver 
wrote:

> As far as I know, UAC isn't a security feature.
>
> James Pulver
> CLASSE Computer Group
> Cornell University
>
> On 03/10/2017 11:24 AM, Klaus Hartnegg wrote:
>
>> Has anybody recently seen Sophos Antivirus ("Endpoint Security")
>> disabling User Account control in Windows 7?
>>
>> Many computers here suddenly have UAC off, and my research points to
>> Sophos installer/updater as culprit: UAC stays on when rebooting
>> normally, but reproducibly switches to off after a reboot that followed
>> an install, uninstall, or larger update of Sophos. Maybe it only happens
>> if SRP is turned on. I will continue testing on Monday, but maybe others
>> already know more??
>>
>> I had previously read complaints that antivirus software sometimes
>> disables certain security features, but UAC!?!
>>
>>
>>
>
>



RE: [NTSysADM] Sophos disables UAC ?

2017-03-10 Thread Kennedy, Jim
Google says:

https://www.404techsupport.com/2015/07/sophos-endpoint-clean-resets-certain-windows-security-settings-default-values/


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Friday, March 10, 2017 12:37 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Sophos disables UAC ?

That would be bad, very bad. Not just from a security perspective - certain UWP 
apps on Windows 10 misbehave considerably if UAC is disabled.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Klaus Hartnegg
Sent: 10 March 2017 16:24
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Sophos disables UAC ?

Has anybody recently seen Sophos Antivirus ("Endpoint Security") disabling User 
Account control in Windows 7?

Many computers here suddenly have UAC off, and my research points to Sophos 
installer/updater as culprit: UAC stays on when rebooting normally, but 
reproducibly switches to off after a reboot that followed an install, 
uninstall, or larger update of Sophos. Maybe it only happens if SRP is turned 
on. I will continue testing on Monday, but maybe others already know more??

I had previously read complaints that antivirus software sometimes disables 
certain security features, but UAC!?!




RE: [NTSysADM] Sophos disables UAC ?

2017-03-10 Thread James Rankin
That would be bad, very bad. Not just from a security perspective - certain UWP 
apps on Windows 10 misbehave considerably if UAC is disabled.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Klaus Hartnegg
Sent: 10 March 2017 16:24
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Sophos disables UAC ?

Has anybody recently seen Sophos Antivirus ("Endpoint Security") disabling User 
Account control in Windows 7?

Many computers here suddenly have UAC off, and my research points to Sophos 
installer/updater as culprit: UAC stays on when rebooting normally, but 
reproducibly switches to off after a reboot that followed an install, 
uninstall, or larger update of Sophos. Maybe it only happens if SRP is turned 
on. I will continue testing on Monday, but maybe others already know more??

I had previously read complaints that antivirus software sometimes disables 
certain security features, but UAC!?!




Re: [NTSysADM] Sophos disables UAC ?

2017-03-10 Thread James M. Pulver

As far as I know, UAC isn't a security feature.

James Pulver
CLASSE Computer Group
Cornell University

On 03/10/2017 11:24 AM, Klaus Hartnegg wrote:

> Has anybody recently seen Sophos Antivirus ("Endpoint Security")
> disabling User Account control in Windows 7?
>
> Many computers here suddenly have UAC off, and my research points to
> Sophos installer/updater as culprit: UAC stays on when rebooting
> normally, but reproducibly switches to off after a reboot that followed
> an install, uninstall, or larger update of Sophos. Maybe it only happens
> if SRP is turned on. I will continue testing on Monday, but maybe others
> already know more??
>
> I had previously read complaints that antivirus software sometimes
> disables certain security features, but UAC!?!