Installation

Protecting UF from stopping and Uninstallation

jg91
Path Finder

Is there any solution to protect UF from stopping or uninstalling by users on endpoints? For example, most Antivirus agents are password protected and on uninstallation, users must provide the password, I'm looking for this kind of solution.
Thank you.

Labels (1)
Tags (2)
0 Karma

gcusello
Legend

Hi @jg91,

as described at https://docs.splunk.com/Documentation/Forwarder/8.2.3/Forwarder/InstallaWindowsuniversalforwarderfro... you can define an user to install or modify or uninstalla an UF; I didn't tried to uninstalla an UF without this account but I think that the first protection is to have an alert on your Splunk that fires if an UF stops to send logs.

This alert is already available on the Monitoring Console.

Ciao.

Giuseppe

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>