I have a problem where software vendors are disabling Symatec EPP when diagnosing an issue on a clients server. I am an IT Contractor who supports approx 30 companies
The scenario, a law firm
- A Software vendor has one of the law firm staff log onto the server to initiate a Team viewer session.
- The software vendor is frequently disabling the Firewall Component of SEPP, or disabling the entire suite, seeming as a default 1st step.
- The customer doesnt recognise what is going on, and at times the servers have run for months with the SEPP disabled
- As a result the system is left vulnerable due to the carelessness of the vendor
- The absence of a notification to a 3rd party makes SEPP vulnerable at the most basic level.
As shown I have no way of knowing when the vendor has disabled the SEPP until I log in. If its a stable site then this could be for some months.
Can I request consideration be given to adding the ability to notify a third party that the product has been disabled both in the event log and via an email.
Why?
- So that in situation like this, I can be notified when someone disabled the product
- It would also allow others (such as my clients IT Liaison contact) to be notified if anyone disables SEPP
- When it is configured to notify a 3rd party that thrid party has the oportunity to question the action and followup to ensure the product has been re-enabled.
- Considering the effort Symantec have put into developing a product that is very sucessful at protecting systems, this seems a significant omission where someone can circumvent all the measures adopted in SEPP.
- In the enterprise environment, notification to other parties involved in systems management are able to ensure actions that affect system security are recorded somewhere at least and third person is notified of the event.
- If SEPP is disabled by say a hacker, then their action is brought to the attention of someone responsible for the server.