Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

In App and Device control I need to block something, but it does not like that path

Migration User

Migration UserApr 18, 2014 09:34 AM

 Here is a screen shot
Migration User

Migration UserApr 18, 2014 09:40 AM

That filename is very bizarre
Migration User

Migration UserApr 18, 2014 09:52 AM

That's what I needed. Thank you again!!!!
ℬrίαη

ℬrίαηApr 18, 2014 09:54 AM

No worries mój przyjaciel
Migration User

Migration UserApr 18, 2014 10:05 AM

C:\windows\temp\Court*.exe That worked too!!!
Migration User

Migration UserApr 18, 2014 10:40 AM

Agreed!!!
ℬrίαη

ℬrίαηApr 18, 2014 10:53 AM

  • 1.  In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:32 AM

    How should I list this so that it is blocked across the board?

     

    C:\Windows\Temp\CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington.exe



  • 2.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:34 AM
      |   view attached

    Here is a screen shot



  • 3.  RE: In App and Device control I need to block something, but it does not like that path
    Best Answer

    Posted Apr 18, 2014 09:35 AM

    C:\Windows\Temp\*

    Informative stuff here:

    http://www.symantec.com/docs/TECH131741



  • 4.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:35 AM

    thats not the path

    you can give it as c:\windows\temp\yourfilename*.exe or *.exe

     



  • 5.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:40 AM

    That filename is very bizarre



  • 6.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:43 AM

    If you need to have a legit file run than you need to know it's name and can set it in the exclude process section.

    The doc I linked explains it very well :)



  • 7.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:46 AM

    All I want to do is block this one file

    CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington.exe

    I do not want to block an entire directory because there may be other files that have legitimate functionality.



  • 8.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:48 AM

    It's hard to pinpoint legitimate files because different installationsm result in different files. Blocking and entire directory seems like it would be more of a hassle.



  • 9.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:50 AM

    Rafeeq? Like so?

     

    c:\windows\temp\CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington*.exe



  • 10.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:50 AM

    In the policy, under the "Apply to the following processes" section, add only that file name.

    Court_Notice_Jones_Day_Washington.exe

    It should than only apply to this process.

    Than add C:\Windows\Temp\



  • 11.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:52 AM

    That's what I needed. Thank you again!!!!



  • 12.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:52 AM

    not sure where you got that path from , as its in temp folder

    all you need to do is 

    C:\windows\temp\*\Filename.exe

    \*\ means any folder below the temp folder



  • 13.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:54 AM

    No worries mój przyjaciel



  • 14.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:57 AM

    SEPM showed it like below

     

    The Filename starts at CC11A3-----

    C:\Windows\Temp\

    CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington.exe

     

    I tried to add below, and it still won't accept it

    C:\windows\temp\*\CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington.exe



  • 15.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 09:59 AM

    Try adding for Court*.exe

    Shorten it up, I don't think the "_" is allowed

    Only wildcards accepted are % and * and ?



  • 16.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 10:05 AM

    C:\windows\temp\Court*.exe

     

    That worked too!!!



  • 17.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 10:20 AM

    Ideally, you want to just block all file execution in that directory and add exclusions as needed. I find it funny that this is a well known malware directory yet even legit processes use it. I get it but time to look at doing something different.



  • 18.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 10:40 AM

    Agreed!!!



  • 19.  RE: In App and Device control I need to block something, but it does not like that path

    Posted Apr 18, 2014 10:53 AM

    yes