EDR: Is It Possible To Disable The Sensor Without Administrative Rights?
Article ID: 287306
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Is it possible to disable the EDR sensor without Administrative rights on the endpoint?
Environment
App Control (formerly CB Protection) Server: 8.x
EDR (formerly CB Response) Server: All Versions
EDR: All Versions
Resolution
Any user with Administrative rights on the endpoint can disable the sensor.
If App Control is used in conjunction with EDR, the CB Response Tamper Protection Rapid Config should be enabled in order to prevent the sensor from being uninstalled.
Additional Information
If you want the Cb Response Tamper Protection Rapid Config to prevent the disabling of services, there is a feature request for this.