Agent Security

This panel lets you configure the security settings for the ZENworks Agent.

The bottom three settings apply only to ZENworks 11.2 and later. Prior to version 11.2, these settings were configured in the Security Settings policy (one of the Windows Endpoint Security Policies). The Security Settings policy is still required for versions 11 and 11.1 of the Endpoint Security Agent. Version 11.2 of the agent will also use an assigned Security Settings policy if the settings on this page are not configured.

Allow Users to Uninstall the ZENworks Agent

Enable this option to allow users to uninstall the ZENworks Agent.

Require an Uninstall Password for the ZENworks Agent

Enable this option to require users to enter a password in order to uninstall the ZENworks Agent. Click Change to set the password.

To avoid distributing the uninstall password to users, we recommend that you use the Password Key Generator utility to generate a key for the uninstall password. The key, which is based on the uninstall password, functions the same as the uninstall password but can be tied to a single device or user so that its use is limited.

You access the Password Key Generator utility in the Configuration Tasks list in the left navigation pane.

Enable an Override Password for the ZENworks Agent

An override password can be used in the ZENworks Agent to:

Access information about the device’s current location and how the location was assigned.
Access the Administrative options in the Endpoint Security Agent. These options let you disable the currently applied security policies (with the exception of the Data Encryption policy), view detailed policy information, and view agent status information.
Access the Administrative options in the Full Disk Encryption Agent. These options let you view detailed policy information, view agent status information, and perform functions such as
Uninstall the ZENworks Agent.

To enable an override password, select the check box, then click Change to set the password.

To avoid distributing the override password to users, we recommend that you use the Password Key Generator utility to generate a key for the override password. The key, which is based on the override password, functions the same as the override password but can be tied to a single device or user and can have a usage or time limit.

You access the Password Key Generator utility in the Configuration Tasks list in the left navigation pane

Enable Self Defense for the ZENworks Agent

Currently, self-defense functionality protects only the ZENworks Endpoint Security Agent. It does not protect the other ZENworks Agent modules.

Self defense protects the Endpoint Security Agent from being shut down, disabled, or tampered with in any way. If a user performs any of the following activities, the device is automatically rebooted to restore the correct system configuration:

Using Windows Task Manager to terminate any Endpoint Security Agent processes.
Stopping or pausing any Endpoint Security Agent services.
Removing critical files and registry entries. If a change is made to any registry keys or values associated with the Endpoint Security Agent, the registry keys or values are immediately reset.
Disabling NDIS filter driver binding to adapters.

Select the check box to enable self defense.