Setting up application and device control

Article:HOWTO55139  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55139
Article Type
How To


Subject


Setting up application and device control

You can set up application and device control by performing some typical tasks.

See About application and device control

Table: Setting up application and device control

Task

Description

Enable default application control rule sets

Application and Device Control policies contain default application control rule sets. The default rule sets are disabled. You can enable any sets that you need.

Note:

If the default rule sets do not meet your requirements, create custom rule sets.

The default rule sets are configured in production mode rather than test mode. However, you can change the setting to test mode and test the rules in your test network before you apply them to your production network.

See Enabling a default application control rule set.

Note:

Client computers require a restart when you enable application control rules.

See Restarting client computers.

Create and test custom application control rule sets

You can create custom application control rule sets. Typically only advanced administrators should perform this task.

See Creating custom application control rules.

See Typical application control rules.

Note:

Client computers require a restart when you enable application control rules.

Create exceptions for application control

Application control might cause problems for some applications that you run in your network. You can exclude applications from application control. You use an Exceptions policy to specify the exception.

See Excluding applications from application control.

Set up system lockdown

System lockdown controls the allowed applications on your client computers.

See Configuring system lockdown.

Configure device control to allow or block hardware devices

Device control specifies what hardware devices are allowed or blocked on your client computers.

Symantec Endpoint Protection Manager provides a device list that you can use in the device control configuration. You can add devices to the list.

See Managing device control.

View the Application Control and Device Control logs

You can view the application control and device control events in the Application Control log and the Device Control log in Symantec Endpoint Protection Manager.

On the client computer, application control and device control events appear in the Control log.

Note:

You might see duplicate or multiple log entries for a single application control action. For example, if explorer.exe tries to copy a file, it sets the write and delete bits of the file's access mask. Symantec Endpoint Protection logs the event. If the copy action fails because an application control rule blocks the action, explorer.exe tries to copy the file by using only the delete bit in the access mask. Symantec Endpoint Protection logs another event for the copy attempt.

Prevent or allow users from enabling or disabling application and device control

You can prevent or allow users from enabling or disabling application and device control on the client. Use the setting in the Client User Interface Settings dialog.

See Changing the user control level.


Legacy ID



v36230746_v59371754


Article URL http://www.symantec.com/docs/HOWTO55139


Terms of use for this information are found in Legal Notices