Hardening the Skyhigh Client Proxy (SCP)
Overview
The hardening process enhances the security of devices and applications by blocking unauthorized access, preventing uninstallation, and stopping users from modifying files on Windows and macOS. Implementing tamper resistance features such as Access Protection and Uninstall Protection can enhance the security of SCP. Using these capabilities helps safeguard endpoints and maintain a strong defense against potential threats. Failure to do so could substantially weaken the security of the endpoint systems, rendering them vulnerable.
Skyhigh strongly recommends using the hardening methods mentioned below.
Key Benefits
- Prevent unauthorized changes: Restricts removal or modification of the client as a way to bypass security checks. Tamper resistance can detect and stop these attempts.
- File integrity checks: Regularly verify the integrity of critical client files on the device to detect any unauthorized changes.
- Registry key protection: Prevents modification of registry keys related to client functionality.
- Password protection for uninstallation: Users are prompted to enter an administrator password when initiating uninstallation.
Hardened SCP
Tamper resistance enhances the security of the client by enabling access protection and uninstall protection of the client on end-user devices running Windows and macOS.
Tamper Resistance (For Windows Only)
Tamper resistance prevents the alteration or disabling of a software application, including its settings and functionalities, as well as the modification and deletion of Client Proxy software and services, including Client Proxy files and new registry keys.
By enabling Access Protection and Uninstall Protection, you can improve the security of the client proxy through tamper resistance.
Enable Access Protection
Enable Access Protection prevents the client software from being disabled via Windows Task Manager, files from being edited or deleted, and registry values from being changed.
By selecting Enable Access Protection, rules are created on the client device to protect files, processes and registry entries from unauthorized modifications and deletions.
- SCP File Protection Rule - Files associated with SCP in Program Files and ProgramData.
- SCP Registry Protection Rule - Registry files associated with SCP in the Program Files.
- SCP Process Protection Rule - Process protection associated with SCP in Program Files.
- SCP Pipe Protection Rule - Protect against inter-process communication pipes being read from or written to.
Enable Uninstall Protection
Enable Uninstall Protection helps administrators prevent end users from uninstalling SCP from their systems. To remove the software, end users must request a release code from the administrators. Once the administrators share the code, end users can uninstall SCP. This process ensures that administrators are notified of any uninstallation requests.
Enable Tamper Resistance
- Go to Settings > Infrastructure > Client Proxy Management.
- In the policy tree, select Configuration Policies.
- Select a policy in the policy tree.
- In the Tamper Resistance section, select the applicable option:
  - Enable Access Protection
  - Enable Uninstall Protection
- Click Save.
Tamper Resistance (For macOS)
On macOS, all the SCP-related files and folders stay in root mode, and only root users have access to delete or modify them.
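One way to check the macOS statement above on an endpoint, as an added example that is not Skyhigh's own tooling: the script lists every entry under a directory that is not owned by root or that is writable by group or other. The function names are hypothetical, and the directory to audit is passed as an argument because this page does not give the SCP install path.

```shell
#!/bin/sh
# Added example: audit a directory tree for entries that a non-root user
# could modify. The directory is supplied by the caller; the SCP install
# path is not stated on this page, so none is hard-coded here.

# list_violations DIR [OWNER]
# Prints every non-symlink entry under DIR that is not owned by OWNER
# (default: root) or that is writable by group or other. Directories are
# included because write access to a directory allows deleting its files.
list_violations() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# count_violations DIR [OWNER]
# Prints the number of entries reported by list_violations.
# Assumes file names do not contain newlines.
count_violations() {
    out=$(list_violations "$1" "${2:-root}") || return $?
    if [ -z "$out" ]; then
        echo 0
    else
        printf '%s\n' "$out" | wc -l | tr -d ' '
    fi
}

# When run with a directory argument, report and exit non-zero on findings.
if [ "$#" -ge 1 ]; then
    n=$(count_violations "$1" root) || exit 2
    list_violations "$1" root
    echo "$n entries can be modified without root"
    [ "$n" -eq 0 ] || exit 1
fi
```

Run it with the client's install directory as the only argument; a non-zero exit status means at least one entry does not match the root-only expectation.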