RE: Symantec LiveUpdate and User Rights on Win2000

From: Roger A. Grimes (roger_at_banneretcs.com)
Date: 05/27/05

  • Next message: Robert Hines: "RE: XP native encryption" 
    Date: Fri, 27 May 2005 07:18:16 -0400
To: "Joe George" <j.george@conservation.org>, <security-basics@securityfocus.com>

    I had the same problem. Solution: Give users Modify rights to file path locations. Works like a charm. Each Symantec version has different locations so just use Sysinternal's filemon. I also give my more security-intelligent users Modify rights to some of the executables and services so they can have more control over the product (i.e. to initial a LiveUpdate or temporarily disable the scanning).

    Roger

    ***************************************************************************
    *Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
    *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
    *email: roger@banneretcs.com
    *cell: 757-615-3355
    *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
    *http://www.oreilly.com/catalog/malmobcode
    *Author of Honeypots for Windows (Apress)
    *http://www.apress.com/book/bookDisplay.html?bID=281
    ****************************************************************************

    -----Original Message-----
    From: Joe George [mailto:j.george@conservation.org]
    Sent: Thursday, May 26, 2005 3:33 PM
    To: security-basics@securityfocus.com
    Subject: RE: Symantec LiveUpdate and User Rights on Win2000

    Sorry, I should have provided more details. We do indeed have a centralized managed server providing updates. The problem is when, a client (say one with a laptop) leaves the office, their updates aren't being regularly pushed. Without liveupdate ability while under user rights, this is extremely troublesome for those who will be on travel for longer than 2-3 weeks (which is often the case here).

    Thanks for your prompt input, Anthony.

    Best regards,

    Joe

    -----Original Message-----
    From: Bundschuh, Anthony D [mailto:ANTHONY.D.BUNDSCHUH@saic.com]
    Sent: Thursday, May 26, 2005 3:26 PM
    To: 'Joe George'; Bundschuh, Anthony D; security-basics@securityfocus.com
    Subject: RE: Symantec LiveUpdate and User Rights on Win2000

    You could setup a Symantec Central server. The users would not be able to do live update, but the server would push out updates.

    -----Original Message-----
    From: Joe George [mailto:j.george@conservation.org]
    Sent: Thursday, May 26, 2005 1:18 PM
    To: Bundschuh, Anthony D; security-basics@securityfocus.com
    Subject: RE: Symantec LiveUpdate and User Rights on Win2000

    We do not want them to have power user rights either.

    -----Original Message-----
    From: Bundschuh, Anthony D [mailto:ANTHONY.D.BUNDSCHUH@saic.com]
    Sent: Thursday, May 26, 2005 3:13 PM
    To: 'Joe George'; security-basics@securityfocus.com
    Subject: RE: Symantec LiveUpdate and User Rights on Win2000

    You can add the users to the power users group. Power users can install virus definitions.

    -----Original Message-----
    From: Joe George [mailto:j.george@conservation.org]
    Sent: Tuesday, May 24, 2005 9:56 AM
    To: security-basics@securityfocus.com
    Subject: FW: Symantec LiveUpdate and User Rights on Win2000

    Greetings all,

    We are currently in the process of removing Administrative rights from end users.  As you may already know, when someone logs in with only User rights, they are no longer able to install AV definitions through the LiveUpdate feature.  This is one of the most crucial things we'd like our clients to be able to access in case they are on travel or working remotely.  A Trojan/virus has less of a chance of being initialized under user rights, but it is important that the user be able to maintain the definitions if needed.  Is there a tweak out there?

    Thanks in advance.

    Best Regards,

    Joe George
    IT Analyst
    Conservation International

  • Next message: Robert Hines: "RE: XP native encryption"

    Relevant Pages