You want to know the Client Privilege settings for the Device Group in Worry-Free Business Security Services (WFBS-SVC).
By default, the Client Privilege settings are disabled. If you enable the Client Privilege function, the security agent clients can modifiy and override the following settings in WFBS-SVC:
- Manual scan
- Scheduled scan
- Real-time scan
- Enable or disable Scheduled Scan
- Skip and stop Scheduled Scan
- Postpone Scheduled Scan
- View firewall settings
Enable or disable the firewallIf you enable or disable the firewall, you cannot change these settings from the Web console. If you do not grant users this privilege, you can change these settings from the Web console. The information under Local Firewall settings on the Agent always reflects the settings configured on the Agent, not the Web console.
- Continue browsing a malicious URL until the endpoint is restarted
- Continue browsing a restricted URL until the endpoint is restarted
- View and configure Behavior Monitoring settings
- View and configure alert settings.
Security Agent Upgrade Settings
Postpone upgrade: day(s)
- Enabling this option postpone the major agent version upgrade after 1-99 days
- Upgrade will push through if current date > Latest version release date + “configured” days
Do not apply non-critical hot fixes
- Deploying hot fixes, patches, security/critical patches, and service packs to a large number of agents simultaneously can significantly increase network traffic. Consider enabling this option on several groups so you can stagger the deployment.
- Enabling this option disables automatic build upgrades on agents (for example, from the Beta build to the release build of the current product version) but NOT automatic version upgrades (for example, from version 6.5 to the current version).
Security Agent Self-Protection
Prevent users or other processes from modifying Trend Micro program files, registries and processes.The access permission settings of the Agent folders, files, and registry entries are inherited from the Program Files folder (for clients running Windows Vista/XP/Server 2003). Therefore, if the permissions settings (security settings in Windows) of the Windows file or Program Files folder are set to allow full read/write access, enabling this setting still allows clients full read/write access to the Client/Server Security Agent folders, files, and registry entries.
- Postpones or cancels Scheduled Scan
- Disables regular Agent upgrade and hot fix deployment
When you enable any of these features, any changes on the related settings from the Web console will no longer reflect on the security agent.
To access the Client Privileges function:
- Log on to the WFBS-SVC console.
- Go to Devices > Group (Choose a group) > Configure Policy.
- Select Windows / MAC > Privileges and Other Settings.