By default, the Client Privilege settings are disabled. If you enable the Client Privilege function, the security agent clients can modifiy and override the following settings in WFBS-SVC:
For Windows Device:
- Manual scan settings
- Scheduled scan settings
- Real-time scan settings
- Skip and stop Scheduled Scan
- Postpone Scheduled Scan
- Displays Firewall on drop-down list under Security Protection tab
- Allows you to enable/disable firewall
Note: If you enable or disable the firewall, you cannot change these settings from the Web console. If you do not grant users this privilege, you can change these settings from the Web console. The information under Local Firewall settings on the Agent always reflects the settings configured on the Agent, not the Web console.
- Configures real-time scan for POP3 mail
- Disable regular Agent upgrade and hot fix deployment
Note: Deploying hot fixes, patches, security/critical patches, and service packs to a large number of agents simultaneously can significantly increase network traffic. Consider enabling this option on several groups so you can stagger the deployment.
Enabling this option also disables automatic build upgrades on agents (for example, from the Beta build to the release build of the current product version) but NOT automatic version upgrades (for example, from version 7.x to the current version). To disable automatic version upgrades, run the Security Server installation package and choose the option for delaying upgrades.
- Prevent users or other processes from modifying Trend Micro program files, registries and processes.
Note: The access permission settings of the Agent folders, files, and registry entries are inherited from the Program Files folder (for clients running Windows Vista/XP/Server 2003). Therefore, if the permissions settings (security settings in Windows) of the Windows file or Program Files folder are set to allow full read/write access, enabling this setting still allows clients full read/write access to the Client/Server Security Agent folders, files, and registry entries.
For MAC Device:
- Postpones or cancels Scheduled Scan
- Disables regular Agent upgrade and hotfix deployment
When you enable any of these features, any changes on the related settings from the Web console will no longer reflect on the security agent.
To access the Client Privileges function:
- Log in in to the WFBS-SVC console.
- Go to Devices > Group (Choose a group) > Configure Policy.
- Select Windows / MAC > Client Privileges.