Symantec Endpoint Protection Manager 12.1 - Application and Device Control (ADC) - Policies explained
| Article:TECH188597 | | | Created: 2012-05-11 | | | Updated: 2012-09-07 | | | Article URL http://www.symantec.com/docs/TECH188597 |
Problem
You need more details about the Options in the Policies of the Symantec Endpoint Protection Manager (SEPM)
Solution
Overview
Use the Overview page to provide an overview for each policy. If required, you can assign this policy to specific locations in a group.
Table: Policy overview options
|
Tab |
Description |
||
|
Policy Name |
Provides the name and description for each policy. The following options are available:
Name of the policy. When you create a new policy, this text box is mandatory.
Description of the policy.
Enables a policy and assigns it to a location or group. Disable the policy if you want to set up the policy and download the settings to the client at a later time. Policies are enabled by default.
The policy creator.
Date of the last policy modification. After you click OK, the new policy name and description appear in the policy list in each policy's main window. |
||
|
Used By |
Identifies the groups and locations to which this policy is applied.
|
Application Control: Application Control Rule Sets
Use this page to view and manage application control rule sets for the selected Application and Device Control policy. An application control rule set contains the rules and conditions that monitor for specified files, folders, and processes. You can create or modify collections of rules for the selected policy.
Table: Application Control rule sets
|
Option |
Description |
|
Enabled |
Shows whether this collection of rules is in use or not. Uncheck this option to disable the corresponding rule set in the policy. |
|
Rule Sets |
The name of a collection of rules for this policy. You can have multiple collections of rules in one policy. |
|
Test/Production |
Whether this collection of rules is in Test (log only) mode or in Production mode. Test mode lets you apply this collection of rules to devices without modifying the behavior of those devices. You can then examine the generated log. When you first create a collection of rules for a policy, the mode is Test (log only). To change the mode to Production, under Test/Production for the collection of rules that you want to change, select Production from the drop-down menu. |
Device Control
For each type of policy, you can create a Hardware Device Control List. This list contains a list of blocked devices and a list of devices that are excluded from blocking.
The list does not show all of the allowed devices. This list only displays the exceptions to the Blocked Devices list.
|
Note: |
Symantec recommends that you do NOT select Ports or Network Adapters as devices to be blocked. If you select those devices, clients with this policy applied lose all network connectivity. |
Table: Device blocking options
|
Group or option |
Description |
|
Device Name |
The name of the device that is blocked or excluded from blocking. You can add or delete devices from this list. |
|
Identification |
The identifier of the device that is blocked or excluded from blocking. The identifier can be either the class ID or the device ID. |
|
Log blocked devices |
When this option is enabled, an entry is added to the security log whenever a device is blocked. This option is enabled by default. |
|
Notify users when devices are blocked |
When this option is enabled, a message is sent to the client computers that try to use the devices that this policy does not allow. If you enable this option, you should click Specify Message Text to create the message. Note that the amount of text that can be displayed in this notification on a client computer is limited by the operating system. To avoid the truncation of the notification text, you should limit your added text to no more than 120 characters. This option is disabled by default. |
|
|
Related Articles
Article URL http://www.symantec.com/docs/TECH188597
Terms of use for this information are found in Legal Notices
Thank you.