Environment
- App Control 7.x and Higher
Objective
To disable tamper protection on agent(s).
Resolution
Disabling Tamper Protection will allow the uninstall of our agent and/or tampering of our files- causing our agent to not function properly. Always confirm tamper protection is re-enabled
To disable/enable tamper protection on a single agent using the console:
- Navigate to Assets>Computers.
- Click the "View Details" button next to the computer in question
- On the right hand side under the "Advanced" section, Click "Disable Tamper Protection"
- To re-enable navigate to the same location and choose "Enable Tamper Protection"
To disable tamper protection on a single agent using CMD:
- Open an admin CMD prompt
- Navigate to the parity agent directory (usually c:\program files (x86)\bit9\parity agent)
- Type the below commands:
dascli password InsertCliPasswordHere
dascli tamperprotect 0
-- To re-enable type:
dascli tamperprotect 1
To disable tamper protection on a specific policy (Version 8.x only):
- Navigate to https://YourAppControlServerName/agent_config.php
- Add a Filter to the View for > Value > contains > disable_self_protect=
- Edit this Config to enable it, by changing the value from disable_self_protect=0 to disable_self_protect=1
- Use the below fields:
- Property Name: Leave Default
- Host Id (0 For All): 0 (Only 1 Host ID may be entered if choosing a specific device, otherwise All (0) should be used)
- Value: disable_self_protect=1 *ensure that there are no spaces before or after the value that is typed*
- Macros: Leave blank
- Platforms: Leave default
- Status: Enabled
- Create for: Selected Policies> Choose policy or policies required
- To re-enable tamper protection, disable or delete the above agent config. Changing the value to disable_self_protect=0 will also work.
To disable tamper protection on all agents:
- Navigate to https://YourAppControlServerName/support.php
- Go to the "Advanced Configuration" tab
- Under "Agent Configuration" select the box next to "Disable Tamper Protection"
- Click "Update" at the bottom of the page
- To re-enable tamper protection un-check the box and click "Update" again.
Additional Notes
- Tamper protection blocks attempts to write to the App Control application directory or change App Control Agent files on client computers.
- There is a default policy that has the settings of "disable_self_protect=0". Ensure this agent config is disabled, or it will override any custom agent configs as described above.
Related Content