Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

In App and Device control I need to block something, but it does not like that path

Created: 18 Apr 2014 • Updated: 18 Apr 2014 | 18 comments
The Conquistador's picture
This issue has been solved. See solution.

How should I list this so that it is blocked across the board?

 

C:\Windows\Temp\CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington.exe

Operating Systems:

Comments 18 CommentsJump to latest comment

Rafeeq's picture

thats not the path

you can give it as c:\windows\temp\yourfilename*.exe or *.exe

 

.Brian's picture

If you need to have a legit file run than you need to know it's name and can set it in the exclude process section.

The doc I linked explains it very well :)

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

It's hard to pinpoint legitimate files because different installationsm result in different files. Blocking and entire directory seems like it would be more of a hassle.

The Conquistador's picture

Rafeeq? Like so?

 

c:\windows\temp\CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington*.exe

.Brian's picture

C:\Windows\Temp\*

Informative stuff here:

http://www.symantec.com/docs/TECH131741

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
The Conquistador's picture

All I want to do is block this one file

CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington.exe

I do not want to block an entire directory because there may be other files that have legitimate functionality.

.Brian's picture

In the policy, under the "Apply to the following processes" section, add only that file name.

Court_Notice_Jones_Day_Washington.exe

It should than only apply to this process.

Than add C:\Windows\Temp\

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

No worries mój przyjaciel

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

not sure where you got that path from , as its in temp folder

all you need to do is 

C:\windows\temp\*\Filename.exe

\*\ means any folder below the temp folder

The Conquistador's picture

SEPM showed it like below

 

The Filename starts at CC11A3-----

C:\Windows\Temp\

CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington.exe

 

I tried to add below, and it still won't accept it

C:\windows\temp\*\CC11A3.tmp>>Court_Notice_Jones_Day_Wa#4716.zip>>Court_Notice_Jones_Day_Washington.exe

.Brian's picture

Try adding for Court*.exe

Shorten it up, I don't think the "_" is allowed

Only wildcards accepted are % and * and ?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Ideally, you want to just block all file execution in that directory and add exclusions as needed. I find it funny that this is a well known malware directory yet even legit processes use it. I get it but time to look at doing something different.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

yes

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.