Creating custom application control rules
You might want to use custom application control rules when you set up application and device control.
See Setting up application and device control
Table: Creating custom application control rules
Plan the rule set
A new application rule set contains one or more administrator-defined rules. Each rule set and each rule has properties. Each rule can contain one or more conditions for monitoring applications and their access to specified files, folders, registry keys, and processes.
You should review best practices before you create custom rules.
See About best practices for creating application control rules.
You can also review the structure of the default rule sets to see how they are constructed.
Create the rule set and add rules
You can create multiple rules and add them to a single application control rule set. You can delete rules from the rules list and change their position in the rule set hierarchy as needed. You can also enable and disable rule sets or individual rules within a set.
See Creating a custom rule set and adding rules.
See Typical application control rules.
You can copy and paste rule sets or individual rules within the same policy or between two policies. You might want to copy rules from policies that you download from Symantec or from test policies that contain rules that you want to use in production policies.
See Copying application rule sets or rules between Application and Device Control policies.
Apply a rule to specific applications and exclude certain applications from the rule
Every rule must have at least one application to which it applies. You can also exclude certain applications from the rule. You specify the applications on the Properties tab for the rule.
See Applying a rule to specific applications and excluding applications from a rule.
Add conditions and actions to rules
The condition specifies what the application tries to do when you want to control it.
You can set any of the following conditions:
See Adding conditions and actions to a custom application control rule.
You can configure any of the following actions to take on an application when it meets the configured condition:
Continue processing other rules
Allow the application to access the entity
Block the application from accessing the entity
Terminate the application that is trying to access an entity
Remember that actions always apply to the process that is defined for the rule. They do not apply to a process that you define in a condition.
Test the rules
You should test your rules before you apply them to your production network.
Configuration errors in the rule sets that are used in an Application and Device Control policy can disable a computer or a server. The client computer can fail, or its communication with Symantec Endpoint Protection Manager can be blocked.
See Testing application control rule sets.
After you test the rules, you can apply them to your production network.