skip to content

IT Help and Support

University Information Services

Tamper Protection settings for Trellix Endpoint Security (ENS) (Windows and macOS only)

Security attacks can exploit the ability to uninstall, switch off or modify the local antivirus program.

In ePO (on the Managed Endpoint Protection Service) you can set passwords to prevent removal or modification of ENS. This applies to macOS and Windows systems.

These settings are controlled by the 'Options' policy within Endpoint Security Common.

To enable tamper protection, and set your own password, you need to break inheritance to the policy. Then apply a modified version of the 'Tamper Protection On' policy.

If you have already broken inheritance and set your own Options policy, you can edit your policy to include tamper protection if required.

To create a new policy

  1. Log on to ePO (
  2. Select 'Menu' (top left, three bars). Select 'Policy Catalog' then 'Endpoint Security Common'.
  3. Select 'Options' to reveal the list of policies.
  4. From the list of policies, scroll down to 'Tamper Protection On'.
  5. Select the down arrow next to 'View' for this policy. Select 'Duplicate'.
  6. Name your copy, for example, 'Tamper Protection On, Dept. of Med Dent'. Select 'OK'.
  7. The 'Edit' option should now be available for your new policy.
  8. Select 'Edit' and select your required options.

Client Interface Mode

  • 'Full access' allows end users to modify any settings. Changes will revert at the next automatic policy check (usually within 5 minutes).
  • 'Standard access' allows users to see the Trellix Endpoint Security console but requires a password to make any changes to the settings.
  • 'Lock client interface' requires a password to see the Trellix Endpoint Security console.
  • 'Enable client interface lockout' allows you to set a lockout time based on a number of failed password attempts within a set time frame.

Select either 'Standard access' or 'Lock client interface', then set and confirm a password.


Select 'Require password to uninstall the client' to set a password needed for uninstallation of ENS. If the agent is still installed, ENS will reinstall – usually within the next hour.

Save your new policy, remembering to give it a unique name that will identify it as belonging to your institution.

Apply your new policy to a branch or a sub-branch

  1. Select your branch or sub-branch in the system tree.
  2. Select the 'Assigned Policies' tab.
  3. Select 'Endpoint Security Common' (from the Product dropdown). Select 'Edit Assignment' for the 'Options' policy (the only policy available in this section).
  4. Select 'Break inheritance and assign the policy and settings below'. Then select your new policy from the 'Assigned policy' dropdown
  5. Select 'Save'.

Your machines will apply tamper protection at their next agent-to-server communication. This is usually within the next hour.

If you lose access to your password, you can modify your policy and reset it.

We recommend you use the 'Standard access' mode with the 'Enable client interface lockout' setting applied, as well as requiring a password to uninstall the client.