Had a problem user, who decided AV wasn’t needed and promptly removed it from his system.
I got the call, called up the customer and politely pointed out the Internet was full of Bad Stuff™ and it’s a good idea NOT to uninstall, especially as it broke IT policy doing so.
The conversation went a bit “odd”.
He knew better than any of us and bluntly informed me he never goes to bad sites or opens unknown attachments, thus he was safe. He didn’t need it at home and he sure didn’t need it at work. Especially as “we” used it to spy on him.
Er. Right. Okay then.
Moving along quickly. As he had local admin rights on the box, I started to look at changing registry keys to block further uninstalling of Forefront. Yaniv Feldman came to my rescue with a new blog posting on exactly how to do this, saving quite a bit of time for me.
Sadly, Yaniv offers no suggestions on managing paranoia.
Is it paranoia if they really _are_ trying to spy on you?
Well, he shouldn’t have been playing online golf, going to knitting web sites, using the bathroom 3.62 times a day and calling the cooking help line every three weeks in company time… oops. Have I said too much?
I have some offers regarding the paranoia part…
You can make the FCS icon disappear and make it invisible from the add/remove programs and the startup menu. The user won’t even know it’s there up until the moment he gets infected.