I need help to configure a policy inside Symantec Endpoint Protection (v. 12.1.6) which needs to block .exe files from running in a specific network drive.
Let me explain it further:
When I create a user in my AD, it automatically creates a "profile folder" for each user, so they can store useful files and access from any computer inside the company. This folder has a hard quota with only 100MB. Let call this drive "H:\".
Some weeks ago I noticed that one of these folders had over 2.6GB (don't ask me how did this happen). I started investigating and discovered that this user had videos, musics and many other files inside of it, including a prohibited software (a browser that passes straight through my proxy server).
Based on that, I activated the File Screen on Microsoft File Server Resource Manager (Win Server 2K12 R2) so they can't store executable items in "H:\". Problem is: if I send a compressed executable file to "H:\", they can open the file and run the software - which's exactly what I DON'T want.
Inside my SEP I have policies for removable devices such as pen drivers, external HDDs, DVD-RW and so on. One of these policies blocks running executable files from CDs/DVDs, pen drives and etc., but I can't figure out how to choose a specific nework drive to apply it.
Can someone please help me?