Hello everyone,
After opening a case at Symantec I could tell that the antivirus does not log the User's attempts to stop the antivirus service if someone share this password with it.
Some companies have problems to share passwords for administrators and some security auditors questioned if we can get it in antivirus logs, because that way we can open a ticket of incidence and the User will be warned not to run more this process.
As my suggestion I believe the following information below already would be helpful:
- If the User has the password and run the command: SMC -STOP: "The User stopped antivirus service manually with the administrator password"
- When the User start the service manually: SMC -START: "The User started the antivirus service manually"
- If the User try to stop the service but enter the wrong password: "The User tried to stop the antivirus service manually"
I sincerely hope thatthis suggestionis acceptedand made availablein future releases
Thank you
LucianoSantos