Endpoint Protection


Blocking specific executables with SEP

  • 1.  Blocking specific executables with SEP

    Posted Apr 15, 2010 06:41 AM
    Can anyone tell me if there is a way to block specific executables with SEP?


    I have an issue where users with non (company) standard browsers are able to breach security controls on some of our internal web services.  I realise that just blocking them does not solve the problem, but the issue is sufficiently sensitive that I need a quick fix while we sort out a long term solution.

    So is it possible to add specific executables to the signature list to prevent them from being executed?

    Thanks,

    D.


  • 2.  RE: Blocking specific executables with SEP

    Posted Apr 15, 2010 06:45 AM
    can try this


    How to prevent programs from running by blocking the file extension types from removable drives.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/afefa878c528d1ed882575520076cd16?OpenDocument


  • 3.  RE: Blocking specific executables with SEP

    Posted Apr 15, 2010 06:56 AM
    Thanks, but removable media is not the problem.  Browsers like Chrome and Firefox do not require admin rights to install locally so a number (unknown) of users appear to have done so.  We need a way of blocking the executables associated with those browsers from running from the local drive.



  • 4.  RE: Blocking specific executables with SEP

    Posted Apr 15, 2010 07:20 AM
    how about IPS?


    How to block/allow website access using the Symantec Endpoint Protection Manager custom Intrusion Prevention Signature policy

    http://service1.symantec.com/support/ent-security.nsf/docid/2008070803545448


  • 5.  RE: Blocking specific executables with SEP
    Best Answer

    Posted Apr 15, 2010 07:33 AM
    You can also use application and device control to block applications from running

    Log in to Symantec Endpoint Protection Manager and select Policies.

    Select Application and Device Control from under the View Policies menu.

    Select Add and Application and Device Control from under the Tasks menu.

    Select Application Control from under the Application and Device Control menu on the left side.

    Select Add; a new window will appear.

    Select Add next to the field labeled Apply this rule to the following process.

    Within the box, type *.

    Leave all other settings the same. Click OK.

    On the left side there will be a box labeled Rules. Within it, you should see the rule listed you are working with.

    Right click the rule and select Add Condition.

    Select Launch Process Attempts, a new window will open.

    Select Add next to the field labeled Apply this rule to the following process.

    Within the box, type <process name>.exe. This will be the exact name of the executable that is going to be blocked.

    From the same window, select the Actions tab from the top middle.

    From within the Launch Process Attempt box select Block access.

    Select OK.

    Select OK again from the Application Control screen.

    And then Select Assign.



  • 6.  RE: Blocking specific executables with SEP

    Posted Apr 15, 2010 07:35 AM
    Praqchand, that looks like it will work.  I'll get the tech guys to test it.  Thanks!


  • 7.  RE: Blocking specific executables with SEP

    Posted Apr 15, 2010 07:36 AM
    There is a default application control policy called "Block applications from running"

    Simply add the applications you want to block (by name or MD5 hash) into the policy where instructed and that will block them.
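
To size the problem raised in post 3 (an unknown number of users with locally installed browsers) and to collect the names and MD5 hashes that a policy like the one in post 7 asks for, here is an added PowerShell example that is not part of the original thread. The function name, the `C:\Users` default and the list of names are assumptions; `Get-FileHash` needs PowerShell 4 or later.

```powershell
# Added example: list per-user copies of the named browser executables with MD5 hashes.
# Get-BrowserInventory, $ProfilesRoot and $Names are illustrative, not from the thread.
function Get-BrowserInventory {
    [CmdletBinding()]
    param(
        # Folder that holds the user profiles (assumption: C:\Users).
        [string]$ProfilesRoot = 'C:\Users',
        # Executable names to look for (the browsers named in the thread).
        [string[]]$Names = @('chrome.exe', 'firefox.exe', 'safari.exe')
    )

    $root = (Resolve-Path -LiteralPath $ProfilesRoot).Path.TrimEnd('\')

    Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Names -contains $_.Name } |   # -contains is case-insensitive
        ForEach-Object {
            # The first path segment below the profiles root is the profile name.
            $profileName = $_.FullName.Substring($root.Length).TrimStart('\').Split('\')[0]
            try {
                $md5 = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction Stop).Hash
            } catch {
                $md5 = $null   # unreadable file: still report where it is
            }
            [pscustomobject]@{
                Profile = $profileName
                Name    = $_.Name.ToLowerInvariant()
                Version = $_.VersionInfo.FileVersion
                MD5     = $md5
                Path    = $_.FullName
            }
        }
}

$found = @(Get-BrowserInventory)

# Who has what installed, and where.
$found | Sort-Object Profile, Name | Format-Table Profile, Name, Version, Path -AutoSize

# Distinct (name, MD5) pairs: each browser version has its own hash,
# so a hash-based rule needs one entry per pair listed here.
$found | Where-Object { $_.MD5 } | Group-Object Name, MD5 | ForEach-Object {
    [pscustomobject]@{ Name = $_.Group[0].Name; MD5 = $_.Group[0].MD5; Copies = $_.Count }
} | Format-Table -AutoSize
```

Run it from an elevated prompt so other users' profile folders are readable; folders that cannot be read are skipped silently.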


  • 8.  RE: Blocking specific executables with SEP

    Posted Apr 15, 2010 07:44 AM
    Rafeeq, thanks again but still no I'm afraid.

    We want people to be able to access the web apps via IE (company standard browser) but not via Chrome, Firefox, Safari etc until we can fix the underlying security issues.  We need to prevent these browsers from executing.


  • 9.  RE: Blocking specific executables with SEP

    Posted Apr 15, 2010 07:56 AM
    enable this


    How to set up learned applications in the Symantec Endpoint Protection Manager

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/36f099f2e011f3dc882573a2005a9326?OpenDocument
    then block whatever you don't like


  • 10.  RE: Blocking specific executables with SEP

    Posted Apr 15, 2010 08:18 AM
    Gee, my app control policies here prevent almost ANYTHING from being installed, and I've got specifics in there for CHROME.
    Those installs use VERY specific paths and executables, so............
    Create a policy for Google, Firefox, whatever, and BLOCK any processes from creating or accessing:
    %userprofile%\*\google
    %userprofile%\local settings\application data\google\chrome\*

    Works great, it stops the install process in its tracks, prevents it from finishing.......

    OH, here, for example (for a rough idea: