App Control: How to Disable/Enable Tamper Protection

Environment

  • App Control 7.x and Higher

Objective

To disable tamper protection on agent(s).

Resolution

Disabling Tamper Protection will allow the uninstall of our agent and/or tampering with our files, causing our agent to not function properly. Always confirm that tamper protection is re-enabled.

To disable/enable tamper protection on a single agent using the console:

  1. Navigate to Assets > Computers.
  2. Click the "View Details" button next to the computer in question.
  3. On the right-hand side, under the "Advanced" section, click "Disable Tamper Protection".
  4. To re-enable, navigate to the same location and choose "Enable Tamper Protection".

To disable tamper protection on a single agent using CMD:

  1. Open an admin CMD prompt.
  2. Navigate to the parity agent directory (usually c:\program files (x86)\bit9\parity agent).
  3. Type the below commands:

     dascli password InsertCliPasswordHere

     dascli tamperprotect 0

     -- To re-enable type:

     dascli tamperprotect 1
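
The CMD steps above can be wrapped so that tamper protection is re-enabled even when the maintenance step fails. This is an added example, not vendor code: the `$Maintenance` parameter, the `Invoke-Dascli` helper, the `dascli.exe` file name and the non-zero exit code on failure are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code: run a maintenance step with tamper protection
# disabled and always attempt to re-enable it, using only the dascli commands above.
param(
    [Parameter(Mandatory)][scriptblock]$Maintenance,                 # hypothetical: work to run
    [string]$AgentDir = 'C:\Program Files (x86)\Bit9\Parity Agent'   # usual path per the article
)
$ErrorActionPreference = 'Stop'

# Assumption: the CLI binary in the agent directory is named dascli.exe.
$dascli = Join-Path $AgentDir 'dascli.exe'
if (-not (Test-Path -LiteralPath $dascli)) { throw "dascli.exe not found in '$AgentDir'" }

function Invoke-Dascli {
    param([string[]]$CliArgs, [string]$Label)
    & $dascli @CliArgs
    # Assumption: dascli returns a non-zero exit code when a command fails.
    if ($LASTEXITCODE -ne 0) { throw "dascli $Label failed (exit code $LASTEXITCODE)" }
}

# Prompt for the CLI password instead of hard-coding it in the script.
# It is still passed to dascli as a command-line argument, as in the article,
# so it can show up in process-creation logging on the host.
$secure = Read-Host -Prompt 'App Control CLI password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

$attempted = $false
try {
    Invoke-Dascli -CliArgs 'password', $plain -Label 'password'
    $attempted = $true
    Invoke-Dascli -CliArgs 'tamperprotect', '0' -Label 'tamperprotect 0'
    Write-Host "[$(Get-Date -Format o)] Tamper protection DISABLED on $env:COMPUTERNAME"
    & $Maintenance
}
finally {
    if ($attempted) {
        # Re-authenticate first in case the maintenance step ran for a long time.
        Invoke-Dascli -CliArgs 'password', $plain -Label 'password'
        Invoke-Dascli -CliArgs 'tamperprotect', '1' -Label 'tamperprotect 1'
        Write-Host "[$(Get-Date -Format o)] Tamper protection RE-ENABLED on $env:COMPUTERNAME"
    }
    $plain = $null
}
```

If the re-enable step throws, treat the host as unprotected and confirm its state in the console under the computer's "Advanced" section.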

To disable tamper protection on a specific policy (Version 8.x only):

  1. Navigate to https://YourAppControlServerName/agent_config.php
  2. Click "Add Agent Config"
  3. Use the below fields:
    • Property Name: Name of your choice
    • Host Id (0 For All): 0
    • Value: disable_self_protect=1  *ensure that there are no spaces before or after the value that is typed*
    • Macros: Leave blank
    • Platforms: Leave default
    • Status: Enabled
    • Create for: Selected Policies > choose the policy in question
  4. To re-enable tamper protection, disable or delete the above agent config. Changing the value to disable_self_protect=0 will also work.

To disable tamper protection on all agents:

  1. Navigate to https://YourAppControlServerName/support.php
  2. Go to the "Advanced Configuration" tab.
  3. Under "Agent Configuration", select the box next to "Disable Tamper Protection".
  4. Click "Update" at the bottom of the page.
  5. To re-enable tamper protection, uncheck the box and click "Update" again.

Additional Notes

  • Tamper protection blocks attempts to write to the App Control application directory or change App Control Agent files on client computers.
  • There is a default policy that has the setting "disable_self_protect=0". Ensure this agent config is disabled, or it will override any custom agent configs as described above.

Creation Date: 07-16-2018