Hi,
Symantec Endpoint Protection Application and Device Control enables extra security protection for client systems. Simple rules created with Application and Device Control can enforce security policies and stop unknown malware.
Block Attacks from removable drives
Network worms take advantage of USB and other types of removable drives. Application Control can be used to block this attack vector while still allowing an organization to use removable media like USB drives.
Prevent unknown PDF attacks
Web-based attacks are often hiding inside a PDF file. An Application Control rule can easily stop known and known attacks that hide in PDF files by preventing Acrobat and Acrobat Reader from writing code to a machine.
Prevent registration of new browser helper objects.
Browser Helper Objects, also known as BHOs, are commonly used by threats to spy on or interfere with web browsing. If your organization does not allow BHOs or has a pre-installed set of allowed BHOs, you can block all unwanted BHOs.
Additional helpful documents:
Configuring Application and Device Control
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/7049d06ba3c9e86f802573620054d9c2?OpenDocument
Creating an Application and Device Control Policy http://seer.entsupport.symantec.com/docs/331049.htm
Using Application and Device Control to stop registry entries added by a threat or risk http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/07dcfaf99d61c063882575fa00705603?OpenDocument
How to use Application and Device Control to limit the spread of a threat http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5b5f6319ba48fda5882575990075e260?OpenDocument
How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d160be4b9941c53c88257674005536a3?OpenDocument
Merging Application and Device Control Policies
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010051009222048
About application and device control
Using Application and Device Control in Symantec Endpoint Protection (SEP) to block activity in common loading points for threats
http://www.symantec.com/docs/TECH96766
Hope this helps you!!