Admin users can uninstall F-Secure easily

MohammadReza
MohammadReza W/ Alumni Posts: 31 Security Scout

Hello 

we have a problem with F-Secure uninstallation .

when we install F-Secure through SCCM or Active directory in some cases we have an extra option in Programs and Feature with the name of F-Secure Client Security 12.00. 

Users can uninstall that and after uninstallation other modules, like DeepGuard, Device Control,..., get uninstalled as well.

But in some cases we don't have this program in programs and features. Therefore, there is not any problem.

 

Users in both cases cannot uninstall any part of F-Secure such as DeepGuard and ... but Client Security 12.00.

 

Picture one with uninstall problem:

2016-03-12_16-40-41.jpg

 

Picture two without uninstall problem:

2016-03-12_16-41-35.jpg

 

Policy in both cases: 

2016-03-12_16-43-35.jpg

Comments

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

     

    I think F-Secure products can always be uninstalled by endpoint users logged in with administrator rights?

     

    Considering there is an official, freely downloadable utility called "F-Secure Uninstallation Tool", that can brute-force remove F-Secure client protection if run with admin credentials, it would make little sense to block the regular method of FSAVCS uninstallation (via the Windows Control Panel / Programs icon).

     

    Some other AV competitors use such a method that even their stand-alone uninstall utility won't run, unless the correct uninstall password is provided and that password can be individualized on a per-computer basis. In such a case, unauthorized uninstallation requires booting Windows in Safe Mode and manually removing files, registry keys.

     

    Best Regards: Tamas Feher, Hungary.

This discussion has been closed.