Environment
- App Control Agent: All Supported Versions
- App Control Console: All Supported Versions
Objective
To enable/disable Tamper Protection on the App Control Agent(s).
Resolution
Disabling Tamper Protection will allow modification of the folders & files the Agent relies upon, disabling, or even uninstallation of the Agent. Tamper Protection should only be disabled temporarily. Always verify Tamper Protection is re-enabled
To manage Tamper Protection on all Agents (Global):
- Navigate to https://YourAppControlServerName/support.php
- Go to the "Advanced Configuration" tab
- Under "Agent Configuration" select the box next to "Disable Tamper Protection"
- Click "Update" at the bottom of the page
- To re-enable tamper protection un-check the box and click "Update" again.
To manage Tamper Protection on a specific Policy:
- Navigate to https://YourAppControlServerName/agent_config.php
- Add a Filter to the View for > Value > contains > disable_self_protect=
- Edit this Config to enable it, by changing the value from disable_self_protect=0 to disable_self_protect=1
- Use the below fields:
- Property Name: Leave Default
- Host Id (0 For All): 0 (Only 1 Host ID may be entered if choosing a specific device, otherwise All (0) should be used)
- Value: disable_self_protect=1 *ensure that there are no spaces before or after the value that is typed*
- Macros: Leave blank
- Platforms: Leave default
- Status: Enabled
- Create for: Selected Policies > relevant Policies
- To re-enable Tamper Protection, disable or delete the above Agent Config. Changing the value to disable_self_protect=0 will also work.
To manage Tamper Protection on a single Agent using the Console:
- Navigate to Assets > Computers > relevant Computer.
- On the Computer Details page > right-hand side > Advanced > Disable Tamper Protection.
- To re-enable: navigate to the same location and choose "Enable Tamper Protection"
To manage Tamper Protection on a single Windows Agent, using the command prompt:
- Open a command prompt and issue the following commands:
cd "C:\Program Files (x86)\Bit9\Parity Agent\"
dascli password GlobalCLIPassword
dascli tamperprotect 0
-- To re-enable, authenticate with the Agent and use the command:
dascli tamperprotect 1
To manage Tamper Protection on a single macOS Agent, using Terminal:
- Open a Terminal window and issue the following commands:
cd /Applications/Bit9/tools
./b9cli --password GlobalCLIPassword
./b9cli --tamperprotect 0
-- To re-enable, authenticate with the Agent and use the command:
./b9cli --tamperprotect 1
To manage Tamper Protection on a single Linux Agent, using Terminal:
- Open a Terminal window and issue the following commands:
cd /opt/bit9/bin
./b9cli --password GlobalCLIPassword
./b9cli --tamperprotect 0
-- To re-enable, authenticate with the Agent and use the command:
./b9cli --tamperprotect 1
Additional Notes
- Tamper Protection is designed to prevent unauthorized modification to the Agent or the directories & files it relies upon.
- By default the Agent is configured to use the Agent Config, "disable_self_protect=0".
- Policy settings override Global settings, Agent settings override Policy settings. This means if Tamper Protection is enabled for the Policy but disabled Globally, the Agent will honor the Policy setting.
