Endpoint Protection

 View Only

  • 1.  SEPM application control

    Posted Dec 24, 2011 02:01 AM

    Hi ,

     

    we have configured application control policy in SEPM as to block all .exe on network drive  through wild card mask which is like *.exe now we need to add one .exe in exception which will run on network  but unfortunately its not happening . Can any body help in this



  • 2.  RE: SEPM application control

    Posted Dec 24, 2011 03:27 AM

    Hi- Firstll of all kindly share the version of SEPM??

    One more point, if you will be going block all the exe then it create problem to you because it just lock all the .exe include your systems file

    So add the limited.

     

    Find the below document

    http://www.symantec.com/business/support/index?page=content&id=TECH92943&locale=en_US

     

    Hope it help to you.



  • 3.  RE: SEPM application control

    Posted Dec 24, 2011 04:37 AM

    Hi sumit,

     

    I am using SEPM 11 Mr 7 release and im only blocking .exe on network files so no body can execute .exe files through network and its working fine for me we have no issues except now we need to run one .exe application which is network base



  • 4.  RE: SEPM application control

    Posted Dec 24, 2011 05:24 AM

    Hi

     

        You can add the your application name in"Donot apply to the following process" which you require to exclude from block process.

    Enter the name here

     

    Same will be require to update in your running policy.



  • 5.  RE: SEPM application control

    Posted Dec 24, 2011 06:07 AM

    Dear Sumit,

     

    I did the same way its not working thats why i came to forum for support

     

    In aplliying the following processs i add *.exe as wild card math

    and as exception in "do not apply the following process" i add the network path which is \\10.101.1.12\abc\play.exe , even i tried wild card match as 10.101.1.12\* but its not working



  • 6.  RE: SEPM application control

    Posted Dec 24, 2011 11:41 AM

    This should probably be moved to the SEP forum for greater visibility.



  • 7.  RE: SEPM application control

    Broadcom Employee
    Posted Dec 24, 2011 09:20 PM

    can you check whether the client has taken the new policy?

    Once confirmed, restart the system once to take this into effect.

    ADC policy works only on 32 bit OS in SEP 11 version. SEP 12 version supports 64 & 32 bit.



  • 8.  RE: SEPM application control

    Posted Dec 25, 2011 05:52 AM

    Yes policy is taken by clients its not working we have tried restarting systems also any other way ?



  • 9.  RE: SEPM application control
    Best Answer

    Posted Dec 25, 2011 09:57 AM

    It's easy to make a mistake or to forget something while creating a new AC rule.

    First, you have to create the rule for all applications ("*"). This rule applies to processes which are launching the applications you want to block, not to these applications themselves.

    Then create a "Launch Process Attempts" condition. Apply it to all *.exe files on network shares. Here you can add your exception as well:

    As the last step, define a "Block access" action:

     

    Check if your new rule set is set to "Production", then click OK.

    If your clients are running 32-bit OS, it should work.



  • 10.  RE: SEPM application control

    Posted Dec 25, 2011 09:01 PM

    - Please confirm the steps suggested by Greg and update the status.