You can also use application and device control to block applications from running
Login to Symantec Endpoint Protection Manager. and Select the Policies .
Select Application and Device Control from under the View Policies menu.
Select Add and Application and Device Control from under the Tasks menu.
Select Application Control from under the Application and Device Control menu on the left side.
Select Add a new window will appear.
Select Add next to the field labeled Apply this rule to the following process.
With in the box type * .
Leave all other settings the same. Click OK.
On the left side there will be a box labeled Rules. Within it, you should see the rule listed you are working with.
Right click the rule and select Add Condition.
Select Launch Process Attempts, a new window will open.
Select Add next to the field labeled Apply this rule to the following process.
With in the box type <process name>.exe. This will be the exact name of the executable that is going to be blocked.
From the same window, select the Actions tab from the top middle.
From within the Launch Process Attempt box select Block access.
Select OK.
Select OK again from the Application Control screen.
And then Select Assign.