Typical application control rules
You might want to create custom application control rules to prevent users from opening applications, writing to files, or sharing files.
See Creating custom application control rules
You can look at the default rule sets to help determine how to set up your rules. For example, you can edit the Block applications from running rule set to view how you might use a condition.
See Enabling a default application control rule set
Table: Typical application control rules
Prevent users from opening an application
You can block an application when it meets either of these conditions: a user attempts to launch the application, or the application loads a particular DLL.
For example, to prevent users from transferring files over FTP, you can add a rule that blocks users from launching an FTP client from the command prompt.
For example, if you add a rule that blocks Msvcrt.dll on the client computer, users cannot open Microsoft WordPad. Because many Windows programs depend on Msvcrt.dll, the rule also blocks every other application that loads the DLL, so test a DLL-based rule on a small group of computers before you deploy it widely.
Prevent users from writing to a particular file
You may want to let users open a file but not modify the file. For example, a file may include the financial data that employees should view but not edit.
You can create a rule to give users read-only access to a file. For example, you can add a rule that lets you open a text file in Notepad but does not let you edit it.
Use a condition that matches access to the file to create this type of rule, and allow read access while blocking write access.
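As an added check (not part of the Symantec documentation), the following PowerShell function opens a file for reading and then for writing from the process it runs in and reports which of the two succeeded. Run it on a client after the rule is applied. Application control rules apply only to the processes they cover: if the rule is scoped to Notepad and you run this from a PowerShell console that the rule does not cover, the write succeeds, which tells you that the file is read-only only inside the listed application and any other program can still change it. The file path is an assumption; substitute the file your rule targets.

```powershell
# Added example: verify read-only enforcement on a file protected by an
# application control rule. Not part of the Symantec documentation; the
# path at the bottom is a placeholder you replace.
function Test-ReadOnlyEnforcement {
    param([Parameter(Mandatory)][string]$Path)

    $readAllowed  = $false
    $writeBlocked = $false
    $detail       = @()

    # 1. Read access: open the file read-only and read one byte.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try { [void]$fs.ReadByte(); $readAllowed = $true } finally { $fs.Dispose() }
    } catch {
        $detail += "read denied: $($_.Exception.Message)"
    }

    # 2. Write access: open for writing and rewrite the last byte with its own
    #    value. The content is unchanged if the write goes through, but the open
    #    and the write are real write operations that a file-access rule must stop.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'ReadWrite', 'Read')
        try {
            if ($fs.Length -gt 0) {
                [void]$fs.Seek(-1, 'End')
                $last = $fs.ReadByte()
                [void]$fs.Seek(-1, 'End')
                $fs.WriteByte([byte]$last)
                $fs.Flush()
            }
        } finally { $fs.Dispose() }
        $detail += 'write succeeded: the rule does not cover this process'
    } catch {
        $writeBlocked = $true
        $detail += "write denied: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Path         = $Path
        ReadAllowed  = $readAllowed
        WriteBlocked = $writeBlocked
        Enforced     = ($readAllowed -and $writeBlocked)
        Detail       = ($detail -join '; ')
    }
}

# Placeholder path (assumption); point it at the file your rule protects.
Test-ReadOnlyEnforcement -Path 'C:\Finance\quarterly.txt'
```

Enforced is true only when the read succeeds and the write is denied. Rewriting the last byte in place leaves the content intact but does update the file's modification time, so run the check on a copy if the timestamp matters.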
Block file shares on Windows computers
You can create a custom rule that applies to all applications to disable local file and print sharing on Windows computers.
Include the following conditions:
Add all the relevant Windows security and sharing registry keys.
Specify the server service process (svchost.exe).
Specify the DLLs for the Security and Sharing tabs (rshx32.dll, ntshrui.dll).
Specify the server service DLL (srvsvc.dll).
Set the action for each condition to block the access.
After you apply the policy, you must restart client computers to completely disable file sharing.
You can also use firewall rules to prevent or allow client computers to share files.
See Permitting clients to browse for files and printers in the network.
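As an added check (not from the Symantec documentation), the following PowerShell function, run in an elevated console on a client after the restart, reports whether the Server service (LanmanServer, hosted in an svchost.exe instance that has loaded srvsvc.dll) is still running, which file shares it still exposes, and whether the inbound "File and Printer Sharing" firewall rule group is still enabled. Blocking rshx32.dll and ntshrui.dll only stops users from changing sharing through the Security and Sharing tabs; shares that already exist are served by srvsvc.dll, which is why the check looks at the service and its shares rather than at the dialog. The cmdlets are standard Windows ones (Windows 8 / Server 2012 and later); the property names of the output object are my own.

```powershell
# Added example: report whether file and print sharing is really disabled on
# this client. Not part of the Symantec documentation. Run elevated, because
# reading the module list of svchost.exe requires it.
function Get-FileSharingStatus {
    $svc = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue

    # Shares the Server service still exposes (admin shares such as C$ count too).
    $shares = @()
    if ($svc -and $svc.Status -eq 'Running') {
        $shares = @(Get-SmbShare -ErrorAction SilentlyContinue |
            Where-Object { $_.ShareType -eq 'FileSystemDirectory' } |
            ForEach-Object { $_.Name })
    }

    # svchost.exe instances that have loaded srvsvc.dll host the Server service.
    $srvHosts = @()
    foreach ($p in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
        try {
            if ($p.Modules.ModuleName -contains 'srvsvc.dll') { $srvHosts += $p.Id }
        } catch { }   # access denied on some protected instances; skip them
    }

    # Inbound firewall rules in the "File and Printer Sharing" group still enabled.
    $fwOn = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }).Count

    [pscustomobject]@{
        ServerService         = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        SvchostHostingSrvsvc  = $srvHosts
        ExposedShares         = $shares
        InboundSharingRulesOn = $fwOn
        SharingDisabled       = ($shares.Count -eq 0 -and $fwOn -eq 0)
    }
}

Get-FileSharingStatus
```

SharingDisabled is true only when no file share is exposed and no inbound sharing rule is enabled; a non-empty SvchostHostingSrvsvc list with an empty ExposedShares list means the service is up but currently serves nothing, which is worth re-checking after the next restart.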
Prevent users from running peer-to-peer applications
You can use application control to prevent users from running peer-to-peer applications on their computers.
You can create a custom rule with a condition that matches the applications to launch. In the condition, you must specify every peer-to-peer application that you want to block, such as LimeWire.exe or *.torrent. Set the action for the condition to block the application.
Application control stops only the executables you list; a renamed or unlisted client is not caught. Use an Intrusion Prevention policy to block network traffic from peer-to-peer applications, and use a Firewall policy to block the ports that send and receive peer-to-peer application traffic.
See Managing intrusion prevention on your client computers.
See Creating a firewall policy.
Block write attempts to DVD drives
Currently, Symantec Endpoint Protection Manager does not support a rule set that blocks write attempts to DVD drives. The Application and Device Control policy offers an option for it, but that option is not enforced. Instead, you can create an Application and Device Control policy that blocks the specific applications that write to DVD drives.
You should also create a Host Integrity policy that sets the Windows registry key to block write attempts to DVD drives.