DDE_Server

Level 12
Verified
It seems all antivirus software has the capability to be locked with a password. Is it worth it if no other person has physical contact with my machine? Does it add any other security benefit other than locking the settings from being changed by another person?
 

MacDefender

Level 5
Verified
But I read in another forum that it does not matter, as malware can disable the antivirus without needing to enter through the antivirus GUI.
Yeah I guess it depends on the AV and how good the password protection is. Seems like a lot of AVs don't protect against msiexec uninstalls. I would theorize the best way to test this is to go to Add Remove Programs and attempt to uninstall your AV -- pretend like you just executed malware that performed this action. How does your AV respond?

Some pop up a dialog asking for your confirmation to continue. Some pop one up saying that they are stalling for 30 seconds but someone is trying to uninstall it. Others (Sophos in particular) deny uninstalling unless you can type in a passcode set by you or the Enterprise management server.
 

DDE_Server

Level 12
Verified
Yeah I guess it depends on the AV and how good the password protection is. Seems like a lot of AVs don't protect against msiexec uninstalls. I would theorize the best way to test this is to go to Add Remove Programs and attempt to uninstall your AV -- pretend like you just executed malware that performed this action. How does your AV respond?

Some pop up a dialog asking for your confirmation to continue. Some pop one up saying that they are stalling for 30 seconds but someone is trying to uninstall it. Others (Sophos in particular) deny uninstalling unless you can type in a passcode set by you or the Enterprise management server.
Emsisoft has the same action as Sophos (but the passcode is generated randomly by CAPTCHA) (however, the password protection is not active).
 

MacDefender

Level 5
Verified
Emsisoft has the same action as Sophos (but the passcode is generated randomly by CAPTCHA) (however, the password protection is not active).
I think that is good enough for the average home user where you really just want to confirm that a human at the computer authorized the deactivation, not some automated background process.

If you don't trust the human though (like shared computers where the operator may want to cause harm), then a passcode seems more appropriate.