170
Prevent DNSFilter service stop.
Brad
Sometimes it needs to be off for testing. I deployed a scheduled task PS script to restart the service every 5 mins if it is stopped. Works well.
Darrin
Removing local admin rights will fix this.
Aaron
Agree, this is a common antimalware control.
Bill
How about a scheduled task that makes sure the DNS Agent is running without the need to have the user logged on? Modify this to a scheduled event every 10 minutes so DNS Filter remains on.
C:\Windows\System32\cmd.exe /c net start "DNS Agent" & C:\Windows\System32\schtasks.exe /create /tn "MTS_DNSFilter" /ru SYSTEM /sc ONSTART /tr "C:\Windows\System32\cmd.exe /c sc config \"DNS Agent\" start= auto" /F & C:\Windows\System32\cmd.exe /c sc start "DNS Agent"
Brad
Bill: This is exactly what I did, as we occasionally have to turn it off on user machines for testing. Ours is set to 5 mins.
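The watchdog approach described in the comments above, written as a PowerShell scheduled task (an added example, not code posted by anyone in this thread). It assumes "DNS Agent", taken from the command above, is the Windows service name; the task name `DNSAgent-Watchdog` is hypothetical. A local administrator can still disable or delete the task, so it complements removing local admin rights rather than replacing it.

```powershell
# Run from an elevated PowerShell session (Windows 10 / Server 2016 or later).
# Assumption: 'DNS Agent' is the service name, as used in the command in this thread.
$serviceName = 'DNS Agent'
$taskName    = 'DNSAgent-Watchdog'   # hypothetical task name
$minutes     = 5                     # 5 or 10, per the comments above

# Command the task runs: force the startup type back to Automatic, then start
# the service if it is not running. It contains no double quotes, so it can be
# wrapped in double quotes on the powershell.exe command line below.
$check = "Set-Service -Name '$serviceName' -StartupType Automatic; " +
         "if ((Get-Service -Name '$serviceName').Status -ne 'Running') " +
         "{ Start-Service -Name '$serviceName' }"

$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -Command `"$check`""

# Two triggers: once at boot, and a repeating trigger starting now.
# With no -RepetitionDuration the repetition continues indefinitely.
$atBoot = New-ScheduledTaskTrigger -AtStartup
$repeat = New-ScheduledTaskTrigger -Once -At (Get-Date) `
    -RepetitionInterval (New-TimeSpan -Minutes $minutes)

# Run as SYSTEM so no user has to be logged on.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 2)

# Fail early if the service is not installed under the assumed name.
Get-Service -Name $serviceName -ErrorAction Stop | Out-Null

Register-ScheduledTask -TaskName $taskName -Action $action `
    -Trigger @($atBoot, $repeat) -Principal $principal `
    -Settings $settings -Force | Out-Null

# Confirm what was registered.
Get-ScheduledTask -TaskName $taskName |
    Select-Object TaskName, State, @{n='RunAs';e={$_.Principal.UserId}}
```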
Joel
Yes, this needs to be a feature so that users can't turn it off to get around the filtering.
Simon
Yes, when I'm talking about "service", I mean the Windows service in services.msc. @Isaac is correct in that AV companies and Cisco Umbrella (where I've just come from) are able to prevent services from being stopped.
Isaac
You don't have control of the firewalls everywhere your users are, that's the main point of having an agent. This can definitely be done somehow, AV companies do it.
Jason Wiegel
Not sure how this would work. Probably best to configure a rule on your firewall. For example, allow tcp/udp port 53 to DNS Filter IP addresses from lan to wan zone. Deny all other IPs to tcp/udp port 53 from lan to wan zone.