Controlling Access to the OfficeScan Agent Installation Directory and Registry Keys

  1. Go to Agents > Agent Management.
  2. In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
  3. Click Settings > Privileges and Other Settings.
  4. Click the Other Settings tab and go to the Agent Security Settings section.
  5. Select from the following access permissions:
    • High: The OfficeScan agent installation directory inherits the rights of the Program Files folder and the OfficeScan agent’s registry entries inherit permissions from the HKLM\Software key. For most Active Directory configurations, this automatically limits “normal” users (those without administrator privileges) to read-only access.

    • Normal: This permission grants all users (the user group "Everyone") full rights to the OfficeScan agent program directory and OfficeScan agent registry entries.


    OfficeScan Agent Self-protection settings have a higher priority than the OfficeScan Agent Security Settings. OfficeScan agents configured with both settings apply the OfficeScan Agent Self-protection settings first.

    For example, if you configure OfficeScan Agent Security Settings to Normal and enable file protection in OfficeScan Agent Self-protection settings, the OfficeScan Agent Self-protection settings prevent users from modifying OfficeScan agent files with .exe, .dll, .ptn, or .sys extensions.

  6. If you selected domain(s) or agent(s) in the agent tree, click Save. If you clicked the root domain icon, choose from the following options:
    • Apply to All Agents: Applies settings to all existing agents and to any new agent added to an existing/future domain. Future domains are domains not yet created at the time you configured the settings.

    • Apply to Future Domains Only: Applies settings only to agents added to future domains. This option will not apply settings to new agents added to an existing domain.