
  1. Harden the Arellia Agent and ACS services against administrators (for details about service hardening, go to Service Hardening).
  2. Remove the debug privilege from Administrators by enabling the Remove Advanced Privileges for Interactive Users ACS policy.

    Note

    Debug privileges disable checks on the process security descriptor and are generally granted only to developers. The Remove Advanced Privileges for Interactive Users policy is generally cloned so that the clone excludes those programs (developer tools such as Visual Studio) that actually require debug rights.

  3. Remove the terminate privilege from Administrators. This is the last step to protect the Arellia Agent Service: create a new Adjust Process Security action and apply it via an Application Control Policy targeting the "Arellia.Agent.Service.exe" executable. (For details about adjusting process security, go to Adjust Process Security.)
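
One way to confirm steps 2 and 3 took effect, as an added example that is not part of the original page or the vendor's tooling. It assumes an English-language Windows host, that the policies apply to the elevated PowerShell session it is run from, and that the process name matches the executable named above.

```powershell
# Added verification sketch, not vendor code. Run from an elevated prompt as an
# interactive administrator after the policies have been applied.
# Assumption: English-language Windows (whoami CSV column headers are localized).

$ErrorActionPreference = 'Stop'

# 1. SeDebugPrivilege should no longer appear in the administrator's token.
$privs = whoami /priv /fo csv | ConvertFrom-Csv
$debug = $privs | Where-Object { $_.'Privilege Name' -eq 'SeDebugPrivilege' }
if ($debug) {
    Write-Warning "SeDebugPrivilege still present (State: $($debug.State))"
} else {
    Write-Output 'OK: SeDebugPrivilege is absent from this token'
}

# 2. Requesting terminate access to the agent service should be denied.
#    OpenProcess only asks for a handle; nothing is terminated.
Add-Type -Namespace Check -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@
$PROCESS_TERMINATE = 0x0001

# Process name derived from the executable named on the page.
$agent = Get-Process -Name 'Arellia.Agent.Service' -ErrorAction SilentlyContinue
if (-not $agent) {
    Write-Warning 'Arellia.Agent.Service.exe is not running; nothing to check'
    return
}
foreach ($p in $agent) {
    $h = [Check.Native]::OpenProcess($PROCESS_TERMINATE, $false, [uint32]$p.Id)
    if ($h -eq [IntPtr]::Zero) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        Write-Output "OK: terminate access denied for PID $($p.Id) (Win32 error $err)"
    } else {
        [void][Check.Native]::CloseHandle($h)
        Write-Warning "Terminate access granted for PID $($p.Id)"
    }
}
```

If the first check still reports SeDebugPrivilege, the second check is not meaningful, because the debug privilege bypasses the security descriptor that step 3 sets.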