11-21-2023 09:21 PM
Does XDR has the capability to identify and block admin access on end user workstation?
11-23-2023 08:47 AM
Hello @RamyashreeMada
Thanks for reaching out on Live Community!
Unfortunately XDR do not control the access for endpoint users. It can prevent malicious activity but cannot control user's access directly. You can use "User risk view" to investigate and assess user behaviour.
With the User Risk view, you can do the following.
Assess the user's behavior and score.
Review the user's working hours and past alerts.
Analyze the user's behavior over time and compare to their peers with the same asset role.
Star the user to be included in the watchlist.
Please follow below guide to learn more about investigating a user.
Please mark the response as "Accept as Solution" if it answers your query.
Regards.
11-27-2023 06:28 AM
There are a bunch of solutions that "block" admin access on endpoints. Most of them overtakes the normal Admin account and then provides granular access to all other accounts stripping them for any admin rights and then you can make an approval workflow on a per app basis or for a limited time. There will be a lot of functionality that comes along with those solutions. Often software/inventory management and 3rd party application updates are some of them.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
