Versions Compared

Old Version 8

changes.mady.by.user Max Pinion

Saved on

compared with

New Version Current

changes.mady.by.user Max Pinion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Harden the Arellia Agent and ACS services against administrators (for details about service hardening, go to Service Hardening).

  2. Remove the debug privilege from Administrators by enabling the Remove Advanced Privileges for Interactive Users ACS policy.

    Debug privileges disable checks on the process security descriptor and are generally granted to only developers. When you clone the 
    Tipnote
    titleNote
    Warning

    Debug rights trump Remove Advanced Privileges for Interactive Users policy, the policy excludes those programs (such as developer tools) that actually require debug rights such as Visual Studioso be aware anyone with debug rights will still be able to kill protected processes.

  3. Remove the terminate privilege from Administrators by creating a new process security action and then applying it via an Application Control Policy targeting the "Arellia.Agent.Service.exe" executable. (For details about adjusting process security, go to Adjust Process Security.)

 

...

How to enable process and service hardening using ACS and LSS