Installation

Protecting UF from stopping and Uninstallation

jg91
Path Finder

Is there any solution to protect UF from stopping or uninstalling by users on endpoints? For example, most Antivirus agents are password protected and on uninstallation, users must provide the password, I'm looking for this kind of solution.
Thank you.

Labels (1)
Tags (2)
0 Karma

gcusello
Esteemed Legend

Hi @jg91,

as described at https://docs.splunk.com/Documentation/Forwarder/8.2.3/Forwarder/InstallaWindowsuniversalforwarderfro... you can define an user to install or modify or uninstalla an UF; I didn't tried to uninstalla an UF without this account but I think that the first protection is to have an alert on your Splunk that fires if an UF stops to send logs.

This alert is already available on the Monitoring Console.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Five Subtly Different Ways of Adding Manual Instrumentation in Java

You can find the code of this example on GitHub here. Please feel free to star the repository to keep in ...

New Splunk APM Enhancements Help Troubleshoot Your MySQL and NoSQL Databases Faster

Splunk Observability has two new enhancements to make it quicker and easier to troubleshoot slow or frequently ...

How to Troubleshoot our Splunk HEC Endpoint

This blog post is part of an ongoing series on OpenTelemetry. In this blog post, we will explore the best way ...