Author Topic: [PENDING] Wishlist: Restrict SAFEBOOT  (Read 4380 times)

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1503
  • BETA FORCE MEMBER
[PENDING] Wishlist: Restrict SAFEBOOT
« on: May 10, 2013, 09:24:24 AM »
Whatever policies are applied into and endpoint, can be easily bypassed by only rebooting in SAFEMODE. I know it was designed that way by Microsoft, and it's not COMODO's concern.

Additionally, CESM will include also a Internet/Browsing filter in the future.
Again, this could be bypassed by using SAFEMODE with network.


Could it be possible to add an option into ESM Server that restricts the SAFEBOOT option, so the end-user cannot boot in any of those 2 options (with and without network), just as devices such as USB, optical and Floppy can be restricted?
« Last Edit: May 20, 2013, 09:58:46 AM by w-e-v »

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1503
  • BETA FORCE MEMBER
Re: Wishlist: Restrict SAFEBOOT
« Reply #1 on: May 19, 2013, 12:47:53 AM »
Any comment?

Offline Denmihalich

  • Newbie
  • *
  • Posts: 17
Re: Wishlist: Restrict SAFEBOOT
« Reply #2 on: May 20, 2013, 07:35:31 AM »
Hello w-e-v,

You're making a good point here but let me note that you have to be local administrator to do some serious harm even is SAFEMODE.

We will add your suggestion to customer wishlist pool.

Thank you!

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1503
  • BETA FORCE MEMBER
Re: Wishlist: Restrict SAFEBOOT
« Reply #3 on: May 20, 2013, 09:58:13 AM »
Thank you! I will be tracking this post to see when it would be applied.

Thanks again. :)

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1503
  • BETA FORCE MEMBER
Re: [PENDING] Wishlist: Restrict SAFEBOOT
« Reply #4 on: October 10, 2013, 06:51:51 PM »
What would be the status of this?

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: [PENDING] Wishlist: Restrict SAFEBOOT
« Reply #5 on: October 10, 2013, 08:08:26 PM »
The status is still pending...

reason is that your standard EP (endpoint) user is
a) unlikely to reboot into Safe Mode
b) unlikely to know what SafeMode is or what it is for

and that
c) if your users are booting into SafeMode you have bigger problems than ESM can solve for you

and that
d) admins need to boot into SafeMode occasionally and those admins are likely to be the ESM admins anyway

so, while restricting rebooting into SafeMode will be a nice-to-have, in the grander scheme of things that can ruin your day, it is not that high in the list.

Kind regards,
Michel.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek