The Tamper protection policy option in OneView protects endpoints by limiting the end users' ability to uninstall the Endpoint Agent. This also prevents malicious threats from stopping, modifying, or deleting the agent.
Configure Tamper protection
- On the left navigation menu, click Configure > Policies.
- Click the + icon or select an existing policy.
- Select the Tamper Protection tab.
For the default settings, see ThreatDown recommended policy for OneView.
Options in this section are as follows:
-
Uninstall Protection: This feature is enabled by default and stops all endpoint users from uninstalling the endpoint agent software or stopping the service by requiring a separate password. Users who attempt to uninstall the endpoint agent cannot proceed without this password.
- Click the show password icon
to view the current password.
Note: This button only displays after the default password has been changed in the policy. - Click the copy icon
to copy the current password when shown.
- Click Change password to modify the current password.
CAUTION - If an endpoint is unable to communicate with OneView and the uninstall password is changed, the previous password may be required to uninstall the software.
- Click the show password icon
-
Service and Process Protection (Windows only): Prevents malware from stopping, modifying, or deleting the following Windows services:
- Malwarebytes Endpoint Agent: Handles the communication between Nebula and the endpoint. Protected on Windows 10 Build 1703 and above.
- Malwarebytes Service: Protection component of OneView that blocks and removes threats. Protected on Windows 7 and above.
Notes
- Endpoint Protection or Endpoint Detection and Response are required to use both features.
- Both features do not support Windows XP endpoints.