the ADC policy is applied to the group, the client in that will get the same policy for the said location ( in the group). Hence checking the serial number of the policy on SEPM console on details tab and comparing it with clients status on the SEPM tab will let know the clients policy.

If the policy is applied once on the client, it will not change unless a new policy is applied.

Hi,

Regarding your statement "So is their any application to check out the same, because customer told me that these type of tools avail.."

These tools could be any that may fall in the following categories:

• Auditing software
• Network monitoring
• Penetration testing software
• Diagnostic software

Searching for them could be a start. Cheers.

i know that policy will be corrupt in rare chances but I want to track that system which are define in the blockage group but policy is not getting update there. It's a daily base activity so i can't be able to download dat manually..

Some one told me that there one tool avail for audit testing purpose, it will show the detail of hostname where policy are not getting apply...

When he attached the Pendrive with that systems. Pendrives have accessed there.. These systems are in Blocked Group in SEPM

I have compared the policy on that time both was different Then I have replace the Sylink and HWID file. After that it's update with same policy but tihs activty is manually base...

I have checked the same. System and server is indicating the Green dot(communicating Sign) in SEP Client. But I don't know why the policy was not refreshed there.

pls reply how to use this application?

Hi Sumit,

To test your policy, you must meet the following:
1. Make  sure that the Policy rule is enabled on SEPM.
2. The client should have the Application and Device Control module installed.
3. The PC you're testing it on has the same Policy Serial as the one in the test group in the SEPM.

Here's some details:

Compare SEPM > Clients > Details tab...Policy Serial number to SEP Client > Troubleshooting > Management > Policy Serial Number. They should be the same.

Check the client to make sure that all modules are installed and if not, log in as administrator and go to Control Panel > Add/Remove Programs and select SEP, click on 'Change' and then check/enable all that applies.

Then, it's only a matter of testing your policy, make sure that your test procedure/script would include the process of updating the policy and then procedures to test the policy by intentionally violating the rule.

The tools you've requested might not work to test this policy for several reasons but the main would be that these tools use the Windows registry to check for information regarding your policies. Although SEP have entries in the registry, the policies is being handled by a program in SEP and not through the registry. So, auditing softwares might fail to recognize it. And modifying the registry by ADC or some other Windows app would be better.

Additional information can be found here:
Microsoft support - "How can I prevent users from connecting to a USB storage device?": http://support.microsoft.com/kb/823732
Symantec Endpoint Protection Manager - Intrusion Prevention - Policies explained: http://www.symantec.com/docs/TECH104434
Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity: http://www.symantec.com/docs/TECH105894

Cheers.