• Tamper Protection not being enforced
• Able to stop/disable the App Control service
• Able to modify App Control files

• App Control Agent: All Supported Versions
• App Control Console: All Supported Versions

There are multiple ways that Tamper Protection can be disabled or even weakened. Global Settings can be overridden by per-Policy settings, which can be overridden by per-Agent settings. To determine which combination of settings may be interfering with Tamper Protection:

1. Log in to the Console and navigate to /support.php > Advanced Configuration:
   • Verify Enable Agent Uninstall is unchecked.
   • Verify Disable Tamper Protection is unchecked.
2. Open a command prompt or use Terminal to issue the relevant commands to check for weakened Tamper Protection:
   • Windows:

     cd "C:\Program Files (x86)\Bit9\Parity Agent"
     dascli password GlobalPassword
     dascli configprops filter *allow_u*

   • macOS:

     cd /Applications/Bit9/Tools/
     ./b9cli --password GlobalPassword
     ./b9cli --configprops | grep "allow_u"

   • Linux:

     cd /opt/bit9/bin
     ./b9cli --password GlobalPassword
     ./b9cli --configprops | grep "allow_u"

   • If allow_uninstall=1 is returned:
     • Verify the Enable Agent Uninstall option is unchecked in Step 1.
     • Verify an existing Agent Config for allow_uninstall=1 does not exist.
   • If allow_upgrade=1 is returned:
     • Verify an existing Agent Config for allow_upgrade=1 does not exist.
3. Issue the following commands to check for disabled Tamper Protection:

   dascli password GlobalPassword
   dascli configprops filter *disable_self*
   

   • If disable_self_protect=1 is returned:
     • Verify the Disable Tamper Protection option is unchecked in Step 1.
     • Verify an existing Agent Config for disable_self_protect=1 does not exist.
     • Verify additional methods to disable Tamper Protection do not exist.
4. After completing any/all changes, verify the Agent shows as Connected & Up to Date in Assets > Computers.

If the issue persists please open a case with Support and provide the Agent Historical Logs from a machine.

• An Agent Config ending with =0 indicates the configuration is disabled.
• An Agent Config ending with =1 indicates the configuration is enabled.