Endpoint Protection

 View Only
  • 1.  SEP 12.1 UAC prompt

    Posted Sep 09, 2011 05:38 AM

    Hello together,

    I upgraded our SEPM this wednesday. And since them I also updated a few clients. Until yesterday I was able to run the SEP Status Console on the clients without getting a prompt by UAC. Today I get this prompt equal if I've admin rights or not.
    With SEP 11.x we didn't had this issue.
    Is their a solution?
     



  • 2.  RE: SEP 12.1 UAC prompt

    Trusted Advisor
    Posted Sep 09, 2011 08:55 AM

    Hello,

    Please Disable UAC.

     

    User Account Control (UAC)

    In some situations, UAC can block access to the remote computer's administrative shares if you attempt to authenticate to the remote computer with a user account local to the remote computer. (Source: http://support.microsoft.com/kb/947232)

    In this situation, you can either authenticate to the remote computer using a domain administrator's account or else you can temporarily disable UAC.

     

    Account Privileges

     

    Please ensure the account you are using to deploy the SEP client has sufficient privileges and is not a restricted account. In most situations, it is most appropriate to use a domain administrator account. If this is not possible, use a local administrative account for the remote computer, but be aware of the UAC restriction (above)

     

    Reference: 

     

    http://www.symantec.com/docs/TECH165133

     

    Hope that helps!!!



  • 3.  RE: SEP 12.1 UAC prompt

    Posted Sep 09, 2011 03:18 PM

    SEP Status Console?  Do you mean when clicking on the system tray icon you get a UAC prompt on clients?  

     

    If so this is as designed and you need to disable UAC, there was changes made in 12.1 regarding accounts running the client gui (SMCGUi.exe) to be in line with Microsofts best pratices and UAC prompts are to be expected.



  • 4.  RE: SEP 12.1 UAC prompt

    Posted Sep 12, 2011 12:40 AM

    I do realise that security and functionality will always be at odds with each other. I also applaud those that try and make the systems more secure.

    Please explain, why I should make the overall security state of my machine less secure by turning off UAC just for the benefit of one program? To me it does not make sense to constantly run in a less secure environment.

    Surely the display client components can be seperated from the configuration components? Why should UAC be invoked to display if my client is up to date with definitions? To change debug log settings or import a new SYLINK file, now that should require UAC.

     

    For the SEPM console alone there are four KB articles that relate to the same UAC problems and blank Home, Reports and Monitors tab.



  • 5.  RE: SEP 12.1 UAC prompt

    Posted Sep 13, 2011 03:19 AM

    I agree with Ian_C. Our Windows 7 Migration team decided to use UAC and I would wish that their is a solution without disabling UAC.

    Hopefully we find a workaround when it's planed to be so in sep 12.1



  • 6.  RE: SEP 12.1 UAC prompt

    Posted Sep 13, 2011 04:21 AM

    At this point, there is no workaround.

    With SEP11, our system tray ran with admin rights, with SEP12, it runs with minimal user rights and lower integrity level requirements.

    At the moment, our GUI is either all or nothing, and there are a number of items with the GUI that do need admin rights, so we have to elevate on opening, rather than for each specific item where required.

    In the future, we would look to move UAC inside the GUI so that each item that requires elevation will prompt, but thats a massive change in the way our client is engineered.



  • 7.  RE: SEP 12.1 UAC prompt

    Posted Mar 07, 2012 03:59 AM

    It is needed for:

    -being able to check signature version

    -being able to run a LiveUpdate (think about VPN where signature requirements are enforced)

    -being able to perform a full or partial (eg. pendrive) scan

     

    Symantec, please do not suggest to turn off Microsoft's UAC. It is such a lame thing as Microsoft suggests to turn off virus protection during some of their produsct's installation...



  • 8.  RE: SEP 12.1 UAC prompt

    Posted Mar 07, 2012 05:52 AM

    Hi,

    Please disable UAC (User Access Control).