SiteAdvisor Enterprise can be uninstalled via the command line even when the hardening policy for files/folders is enabled

Technical Articles ID: KB82448
Last Modified: 4/6/2017

Environment

McAfee SiteAdvisor Enterprise (SAE) 3.5

For details of Site Advisor Enterprise supported environments, see KB51244.

Problem

SAE can be uninstalled using the msiexec.exe command line method, even when the hardening policy for files/folders is enabled, when the user disables the hardening service.

Cause

Files and folder protection/registry protection is dependent on Access Protection (AP). Because AP is done using AP rules, the SAE uninstaller is excluded from these rules. However, service hardening does not use AP rules; having the hardening for services disabled allows the command line uninstall to complete because it is excluded from AP rules that protect files/folders.

Solution

This issue was resolved in McAfee Endpoint Security (ENS) 10.1 (and later), which includes SAE as a component. This issue will not be resolved in stand-alone SAE 3.5.
Technical Support recommends upgrading to ENS 10.1 (or later) if this functionality is required in your environment.

Workaround

Ensure that the ePolicy Orchestrator administrator has the self-protection hardening policy Services enabled, to ensure that a user cannot perform command line uninstall to remove SAE.

To enable the SAE hardening policy for Services, see the "Hardening Policy for SiteAdvisor Enterprise" section of the SAE 3.5 Product Guide (PD23522).

Related Information

Hardening policy:

SAE integrates with VirusScan Enterprise to protect itself from being uninstalled or modified. Hardening policy prevents managed node users from uninstalling SAE and prevents any unwanted changes to SAE files, registry keys, and registry values by restricting access. It also protects SAE processes by preventing users from stopping or killing them.
The Self Protection tab in Hardening policy allows the administrator to restrict any unwanted changes to SAE files, registry entries, or services and prevent users from uninstalling the product.

Affected Products

SiteAdvisor Enterprise 3.5

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Knowledge Center

SiteAdvisor Enterprise can be uninstalled via the command line even when the hardening policy for files/folders is enabled

Environment

Problem

Cause

Solution

Workaround

Related Information

Affected Products

Glossary of Technical Terms

Title

Title

Knowledge Center

SiteAdvisor Enterprise can be uninstalled via the command line even when the hardening policy for files/folders is enabled

Environment

Problem

Cause

Solution

Workaround

Related Information

Affected Products

Glossary of Technical Terms

Choose your region

Title

Title