ENS offers the ability for a local administrator to export the configuration being enforced. The encryption key used is common across multiple versions of ENS, allowing a malicious actor with local administrator rights to export the configuration and decrypt it. The actor can then use a text editor to alter the configuration, including disabling several ENS features. It is possible to then encrypt the modified configuration and ask ENS to import it. This configuration would then be applied, potentially disabling all protection on the system.
The information has been provided by Donny Maasland
The original article can be found at:https://kc.mcafee.com/corporate/index?page=content&id=SB10314
Improper access control vulnerability in ESConfigTool.exe in ENS for Windows all current versions allows a local administrator to alter the ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.