About application control rule sets and rules

Article:HOWTO27044

Created: 2010-01-08

Updated: 2010-01-15

Article URL http://www.symantec.com/docs/HOWTO27044

Article Type
How To

Product(s)

Show all

Environment

Show all

CLOSE X

Windows Server 2008
Web Edition (x86) SP2, Web Edition (x86), Web Edition (x64) SP2, Web Edition (x64), Standard (x86-32bit) SP2, Standard (x86-32bit), Standard (x64-64bit) SP2, Standard (x64-64bit), Server Core, Enterprise (x86-32bit) SP2, Enterprise (x86-32bit), Enterprise (x64-64bit) SP2, Enterprise (x64-64bit), DataCenter (x86-32bit) SP2, DataCenter (x86-32bit), DataCenter (x64-64bit) SP2, DataCenter (x64-64bit)

Windows Server 2008 R2
WebServer (x64-64bit), Standard (x64-64bit), Enterprise (x64-64bit), DataCenter (x64-64bit)

VMWare ESX
4.0, 3.5 U4, 3.5 U3, 3.5 U2, 3.5 U1, 3.5, 3.0.2, 3.0.1, 3.0, 2.5

Windows XP
Pro 5.1 SP3, Pro 5.1 SP2, Pro 5.1 SP1, Pro 5.1 64 bit SP3, Pro 5.1 64 bit SP2, Pro 5.1 64 bit SP1, Embedded SP3, Embedded SP2, Embedded SP1

Windows Vista
Ultimate RC2, Ultimate (x86) 6.0.6000, Ultimate (x64) 6.0.6000, Starter (x86) 6.0.6000, RC2, Home RC2, Home Premium RC2, Home Premium (x86) 6.0.6000, Home Premium (x64) 6.0.6000, Home Basic (x86) 6.0.6000, Home Basic (x64) 6.0.6000, Enterprise RC2, Enterprise 6.0.6000, Business RC2, Business (x86) 6.0.6000, Business (x64) 6.0.6000

Windows Small Business Server 2008
Standard Edition, Premium Edition

Windows Server 2003 R2
Web Edition (x86), Web Edition (x64), Storage Server Edition (x86), Storage Server Edition (x64), Standard Edition (x86), Standard Edition (x64), Enterprise Edition (x86), Enterprise Edition (x64), Datacenter Edition (x86), Datacenter Edition (x64)

GSX Server for Windows
3.2

Windows Server 2003
Web Server, Web Edition SP2, Web Edition SP1, Storage Server SP2, Storage Server SP1, Storage Server (x64) SP2, Storage Server (x64) SP1, Storage Server (x64), Storage Server, Standard Server(x64), Standard Server SP2 (x64), Standard Server SP2, Standard Server SP1 (x64), Standard Server SP1, Standard Server, Enterprise SP2(x64), Enterprise SP2, Enterprise SP1(x64), Enterprise SP1(IA64), Enterprise ServerSP1, Enterprise Server, Enterprise (x64), Enterprise (IA64), Datacenter SP2(x64), DataCenter SP2

VMware Workstation
6.5, 6.0, 5.0

Windows Small Business Server 2003
Standard Edition

Windows Fundamentals for Legacy PCs
5.1 SP3

Languages

Show all

About application control rule sets and rules

Rule sets consist of rules and their conditions. A rule is a set of conditions and actions that apply to a given process or processes. A best practice is to create one rule set that includes all of the actions that allow, block, and monitor one given task. Follow this principle to help to keep your rules organized. For example, suppose you want to block write attempts to all removable drives and you want to block applications from tampering with a particular application. To accomplish these goals, you should create two different rule sets. You should not create all of the necessary rules to accomplish both these goals with one rule set.

Note:
Currently, Symantec Endpoint Protection Manager does not support a rule set that specifies the blocking of write attempts to CD or DVD drives. You can select the option in the Application and Device Control Policy, however, the option is not enforced. Instead, you can create an Application and Device Control Policy that blocks specific applications that write to CD or DVD drives. You should also create a Host Integrity Policy that sets the Windows registry key to block write attempts to CD or DVD drives.

For the latest information, see the Symantec Knowledge Base document: After setting up an Application and Device Control policy to block CD writing, CD writing is not blocked as expected, and write attempt is not logged.

You apply a rule to one or more applications to define the applications that you monitor. Rules contain conditions. These conditions monitor the application or applications that are defined in the rule for specified operations. Conditions define what you want to allow the applications to do or to keep them from doing. Conditions also contain the actions to take when the operation that is specified in the condition is observed.

Note:
Remember that actions always apply to the process that is defined in the rule. They do not apply to the processes that are defined in the condition.

See Creating a new application control rule set and adding a new rule to the set.

See About application control rule properties.

See About application control rule conditions.

See About application control rule condition properties.

See About application control rule condition actions.

Legacy ID

349402

Article URL http://www.symantec.com/docs/HOWTO27044

About application control rule sets and rules

About application control rule sets and rules

Legacy ID

Please Sign In

Knowledge Base Search

Knowledge Base Search

MySymantec

MySymantec

Contacting Support

Contacting Support