Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

App-Policy

Created: 08 Jul 2013 | 6 comments

We have Windows 2008 R2 with SEP 12.1.2015 we have created a app policy for blocking *.exe files from USB and by mistake it apply on the my cpmpany group now it apply all servers, pc and dc also now all application including explorer.exe is also blocked and pc and server are not allow to login. Any suggestion how to remove this policy because we cannot login on all pc an servver.

Thanks

 

 

Operating Systems:

Comments 6 CommentsJump to latest comment

.Brian's picture

But you can login to the SEPM via the remote console, correct?

Have you withdrawn the policy completely from all group? Or at the very least, put the rule into TEST mode?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

I'm pretty sure that withdrawing or removing policy will not work as it would have blocked smc.exe also....

create  a new policy, import it manually on the machine

How to export/import an existing Symantec Endpoint Protection policy

.Brian's picture

He says he can't login to anything so not sure how he is going to import than either...

You can try this from safemode perhaps but this may prove challenging as client functionality is limited. You should be able to remove app/device control component in safemode although it sounds like this affects many machines?

 

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Golani's picture

Hi

even we are not able to login to SEPM server then how we can withdrawn

and how to put the rule into TEST mode

Thanks

 

 

.Brian's picture

Do you have access to a PC that is not affected by this rule? Have you tried booting into safemode and removing the app/device component so you can have a functioning machine?

You can use the SEPM remote console.

Access via https://<sepmname>:9090 and download the console and login. However, I'm assuming you have access to a machine not affected by this.

Once in, you can go to the App/device control policy and select the rule and click the drop down to put into test mode.

However as Rafeeq mentioned this may not work as well.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Agreed with Brian.

Hope it has not blocked windows, in safe mode enable msiexec

  1. Go to (Start) and select (Control Panel)
  2. Select (Uninstall Program) on Vista, Win 7, and 2008 operating systems or (Add/Remove Programs) on older systems.
  3. Select (Symantec Endpoint Protection)
  4. Select (Change) a new window will open
  5. Select (Next)
  6. Select (Modify) and then (Next)
  7. Click on the Plus (+) sign next to (Proactive Threat Protection) to expand it
  8. Click on the arrow icon next to (Application and Device Control)
  9. From the drop down menu select (Entire feature will be unavailable)
  10. Select (Next) and follow through with the wizard.
  11. Reboot the System

or else Support can help you out.