[PENDING] Wishlist: Restrict SAFEBOOT

Whatever policies are applied into and endpoint, can be easily bypassed by only rebooting in SAFEMODE. I know it was designed that way by Microsoft, and it’s not COMODO’s concern.

Additionally, CESM will include also a Internet/Browsing filter in the future.
Again, this could be bypassed by using SAFEMODE with network.

Could it be possible to add an option into ESM Server that restricts the SAFEBOOT option, so the end-user cannot boot in any of those 2 options (with and without network), just as devices such as USB, optical and Floppy can be restricted?

Any comment?

Hello w-e-v,

You’re making a good point here but let me note that you have to be local administrator to do some serious harm even is SAFEMODE.

We will add your suggestion to customer wishlist pool.

Thank you!

Thank you! I will be tracking this post to see when it would be applied.

Thanks again. :slight_smile:

What would be the status of this?

The status is still pending…

reason is that your standard EP (endpoint) user is
a) unlikely to reboot into Safe Mode
b) unlikely to know what SafeMode is or what it is for

and that
c) if your users are booting into SafeMode you have bigger problems than ESM can solve for you

and that
d) admins need to boot into SafeMode occasionally and those admins are likely to be the ESM admins anyway

so, while restricting rebooting into SafeMode will be a nice-to-have, in the grander scheme of things that can ruin your day, it is not that high in the list.

Kind regards,