Symantec Endpoint Protection Manager - Application and Device Control (ADC) - Policies explained

Article:TECH104431  |  Created: 2008-01-20  |  Updated: 2012-04-20  |  Article URL
Article Type
Technical Solution


You need more details about the Options in the Policies of the Symantec Endpoint Protection Manager (SEPM)



Application Control: Application Control Rule Sets

Use this page to view and manage application control rule sets for the selected Application and Device Control Policy. An application control rule set contains the rule conditions that monitor for specified files, folders, and processes. You can create or modify collections of rules for the selected policy.

Table: Application Control Rule Sets shows the hardware device protection rules list.

Table: Application Control Rule Sets

Enabled Shows whether this collection of rules is in use or not. Uncheck this option to disable the corresponding rule set in the policy.
Rule Sets The name of a collection of rules for this policy. You can have multiple collections of rules in one policy.
Test/Production Whether this collection of rules is in Test (log only) mode or in Production mode. Test mode lets you apply this collection of rules to devices without modifying the behavior of those devices. You can then examine the generated log.
When you first create a collection of rules for a policy, the mode is Test (log only). To change the mode to Production, under Test/Production for the collection of rules that you want to change, select Production from the drop-down menu.

Symantec Endpoint Protection Manager contains four default Application Control Rule Sets.

Default Application Control Rule Sets:

    • Make all removable drives read-only
    • Block programs from running on removable drives
    • Block applications from running
    • Protect client files and registry keys

Hardware Device Protection Policy: Device Blocking

You can add or delete devices to block or exclude from blocking.


Note: The list in the Devices Excluded From Blocking table do NOT show all of the allowed devices. This list shows the exceptions to the Blocked Devices list.

Table: Device blocking options describes the device blocking options.

Table: Device blocking options

Group or option
Device Name The name of the device that is blocked or excluded from blocking. You can add or delete devices from this list.
Device ID The ID of the device that is blocked or excluded from blocking.
Log blocked devices When this option is enabled, an entry is added to the security log whenever a device is blocked. This option is enabled by default.
Notify users when devices are blocked When this option is enabled, a message is sent to clients that try to use devices that are not allowed by this policy. If you enable this option, you should click Specify Message Text to create the message.
This option is disabled by default.

Online Help - SEPM

Technical Information

Overview - Policies
Antivirus and Antispyware
Application and Device Control
Centralized Exceptions
Intrusion Prevention 


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices