To achieve true endpoint security, a solution needs to be virtually impossible to circumvent, disable, or uninstall. The solution needs to enforce the security policies set by administrators, without fail.
As opposed to anti-virus or gateway security solutions - where IT and users share the common goals of protecting the network from harm – endpoint security often involves limiting users' freedom of action.
Thus, it is possible that users may try to circumvent endpoint security solutions – sometimes with malicious intent, and sometimes simply in an effort to work and play as they please.
For this reason, Safend developed ironclad security mechanisms around its product offering.
Safend Protector includes redundant, multi-tiered anti-tampering features to guarantee permanent control over enterprise endpoints.
Anti-tampering features include:
- Local polices, logs stored at the client, the central log repository, and all Protector-related communications are encrypted by multiple advanced encryption algorithms.
- Local policies are “signed” with unique ID which, if altered, highlights any tampering attempt
Hashed uninstall password
- Even users with local administrator rights need a hashed password to remove the local agent
- Safend Protector locks down the local client, prevents further action and sends an alert if it detects unauthorized attempts to erase, alter, or change the filename of security files
- If the local driver is erased or altered, the Safend Protector agent automatically creates and loads a fresh, correct copy
- The last known security policy is always enforced, until Protector is uninstalled, even if Protector is somehow disabled, or the endpoint is disconnected from the network
Full Safe Mode Operation
- Safend Protector is fully functional even when the operating system is running in Safe Mode