Symantec Endpoint Protection Manager - Application and Device Control (ADC) - Policies explained

Article:TECH104431  |  Created: 2008-01-20  |  Updated: 2012-04-20  |  Article URL http://www.symantec.com/docs/TECH104431
Article Type
Technical Solution


Issue



You need more details about the options in the policies of the Symantec Endpoint Protection Manager (SEPM).

 


Solution



Application Control: Application Control Rule Sets

Use this page to view and manage application control rule sets for the selected Application and Device Control Policy. An application control rule set contains the rule conditions that monitor for specified files, folders, and processes. You can create or modify collections of rules for the selected policy.

Table: Application Control Rule Sets shows the hardware device protection rules list.

Table: Application Control Rule Sets

Option: Description
Enabled: Shows whether this collection of rules is in use or not. Uncheck this option to disable the corresponding rule set in the policy.
Rule Sets: The name of a collection of rules for this policy. You can have multiple collections of rules in one policy.
Test/Production: Whether this collection of rules is in Test (log only) mode or in Production mode. Test mode lets you apply this collection of rules to devices without modifying the behavior of those devices. You can then examine the generated log. When you first create a collection of rules for a policy, the mode is Test (log only). To change the mode to Production, under Test/Production for the collection of rules that you want to change, select Production from the drop-down menu.


Symantec Endpoint Protection Manager contains four default Application Control Rule Sets.

Default Application Control Rule Sets:

    • Make all removable drives read-only
    • Block programs from running on removable drives
    • Block applications from running
    • Protect client files and registry keys





Hardware Device Protection Policy: Device Blocking

You can add or delete devices to block or exclude from blocking.

 

Note: The list in the Devices Excluded From Blocking table does NOT show all of the allowed devices. This list shows the exceptions to the Blocked Devices list.


Table: Device blocking options describes the device blocking options.

Table: Device blocking options

Group or option: Description
Device Name: The name of the device that is blocked or excluded from blocking. You can add or delete devices from this list.
Device ID: The ID of the device that is blocked or excluded from blocking.
Log blocked devices: When this option is enabled, an entry is added to the security log whenever a device is blocked. This option is enabled by default.
Notify users when devices are blocked: When this option is enabled, a message is sent to clients that try to use devices that are not allowed by this policy. If you enable this option, you should click Specify Message Text to create the message. This option is disabled by default.




References
Online Help - SEPM



Technical Information
 

Overview - Policies www.symantec.com/docs/TECH104436
Antivirus and Antispyware www.symantec.com/docs/TECH104430
Application and Device Control www.symantec.com/docs/TECH104431
Centralized Exceptions www.symantec.com/docs/TECH104432
Firewall www.symantec.com/docs/TECH104433 
Intrusion Prevention www.symantec.com/docs/TECH104434 
LiveUpdate www.symantec.com/docs/TECH104435

 



Legacy ID



2008032010523548

