The Tamper protection policy option in OneView protects endpoints by limiting the end users' ability to uninstall the Endpoint Agent. This also prevents malicious threats from stopping, modifying, or deleting the agent.
Configure Tamper protection
- On the left navigation menu, click Configure > Policies.
- Click the + icon or select an existing policy.
- Select the Tamper Protection tab.
For the default settings, see ThreatDown recommended policy for OneView.
Options in this section are as follows:
Uninstall Protection and Command line
This feature is enabled by default and stops all endpoint users from uninstalling the endpoint agent software or stopping the service by requiring a separate password. Users who attempt to uninstall the endpoint agent cannot proceed without this password.
CAUTION - If an endpoint is unable to communicate with OneView and the uninstall password is changed, the previous password may be required to uninstall the software.
Policy tamper protection password
The password for all endpoints associated with this policy. This option restricts the use of tamper protection passwords to Global Administrators for enhanced security and auditing. Only Global Administrators can view and manage these passwords.
- Even when a site has a site tamper protection password set, the endpoint uses this password if it is in a policy with this option selected.
- Click the show password icon
to view the current password. This button only displays after the default password has been changed in the policy.
- Click the copy icon
to copy the current password when shown.
- Click Change password to modify the current password.
Site tamper protection password
Endpoints associated with this policy use a site tamper protection password instead. This enables administrators to apply the same policy across multiple sites while using different tamper protection passwords. Additionally, this allows customer and site administrators to view the tamper protection password through the OneView console.
- The site tamper protection passwords are viewed and managed on the Manage > Sites page by Global, Customer, and Site Administrators. For more information, see View Sites in OneView.
- Click View Site Tamper Protection passwords to view the list of currently used passwords among sites you have access to.
- When enabling this for the first time, check Set random password and click Confirm to generate passwords for all sites that don't have a tamper protection password set.
Service and process protection (Windows only)
Prevents malware from stopping, modifying, or deleting the following Windows services. The following options are available:
- Malwarebytes Endpoint Agent: Handles the communication between Nebula and the endpoint. Protected on Windows 10 Build 1703 and above.
- Malwarebytes Service: Protection component of OneView that blocks and removes threats. Protected on Windows 7 and above.