Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Application and Device Control in MR4

Updated: 21 May 2010 | 7 comments
Kui's picture
Kui
0 0 Votes
Login to vote
This issue has been solved. See solution.

Hello,

I did a seamless upgrade to MR4 and had all policies working etc. That was a month ago. The application control I have in place is to block running of *.exe from removable drives. Plus I've also disabled the right of the user to disable endpoint from the client user interface. Yesterday the users suddenly got the right to disable endpoint, and unless I disable the app control policy I assigned, they can't run applications from their local drives..basic office apps.

What could have have happened? How do I fix it? Right now everyone has to disable endpoint to get any work done at all!

discussion Filed Under:
, , , ,

Comments

pete_4u2002's picture
30
Sep
2009
1 Vote +1
Login to vote
pete_4u2002
Symantec Employee

check the group policy for

check the group policy for which clicnet is able to disable the policy, assuming if it has been accident human error...

check the policy number on the client. It should be the same as that on the SEPM

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

AravindKM's picture
30
Sep
2009
0 Votes 0
Login to vote
AravindKM

Pls review the policy changes

Pls review the policy changes had done in last two days (both in sepm level and in domain level) 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Kui's picture
30
Sep
2009
0 Votes 0
Login to vote
Kui

Ok..will check. But nothing

Ok..will check. But nothing was changed. Unless is domain level, I know for sure that SEPM level has had no changes in a month! Thanks..will get back..

Vikram Kumar-SAV to SEP's picture
30
Sep
2009
1 Vote +1
Login to vote
Vikram Kumar-SAV to SEP
Symantec Employee
Accredited

Try withdrawing and

Try withdrawing and re-assingning the policy..but definitely something would have changed also review your policies once.

VMWARE-- SEP 12.1 vs McAfee vs Trend Micro

SOLUTION
sandip_sali's picture
30
Sep
2009
0 Votes 0
Login to vote
sandip_sali
Technical Support

Application and Device control policy

Hi,

       The time frame taken for the policy to be applied to the clients depends on the network speed and the number of clients. You mentioned that you observed some discrepancy yesterday. We would request you to check the logs so that we have a clear idea as to since when are we facing this issue. Its possible that the policy might not have been deployed properly. As rightly suggested please review the Application and Device control policy.

Thanks & Regards Sandip C Sali

Kui's picture
01
Oct
2009
0 Votes 0
Login to vote
Kui

Will do that today and report

Will do that today and report on the progress. Thanks for the ideas guys!

Kui's picture
01
Oct
2009
1 Vote +1
Login to vote
Kui

Thanks alot. I reviewed the

Thanks alot. I reviewed the policy. As Vikram Kumar said, something did change. Turns out the organisation's sys admin felt the need to tamper with the policies and had blocked ALL applications. I had no words.
Edited and assigned the policies as was required.

Thanks all.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
259,065