
Application Control Policy for psexec.exe

Created: 16 Aug 2012 • Updated: 20 Aug 2012 | 2 comments
Philly Flyer

This is an Application Control Policy used to block psexec.exe. 

This policy will block psexec.exe based on:

- fingerprint

- services/processes

- filename

The action is Block, and notification is set to display a pop-up.

There is a backdoor in the policy. If you run it with the following argument, SEP will allow it to run:

psexec -ed

To import, you will first want to download the .dat policy file.

1. Open the Application Control Policy that displays the various pre-built templates.

2. Right-click in the white area and select Import Policy.

3. Select this .dat file (unzip the file first).

4. It will notify you that the name is the same as other policies, so just add any new name and hit okay.

5. You will get two other notifications about the name being the same; just cancel these.

6. This policy should now have been added to all of the templates.

Comments

rs_cert

Nice share. I will try the same on a test server.

consoleadmin

Nice KB.

Thanks.
