Endpoint Protection

 View Only
Expand all | Collapse all

Application & Device Control Policy

Migration User

Migration UserMar 04, 2012 06:31 AM

Migration User

Migration UserMar 06, 2012 03:18 AM

Migration User

Migration UserMar 08, 2012 03:10 AM

Hogan Chen

Hogan ChenMar 08, 2012 06:36 PM

Migration User

Migration UserMar 08, 2012 09:13 PM

  • 1.  Application & Device Control Policy

    Posted Mar 03, 2012 04:30 AM

    Hi All,

    I would like to get some advise on ADC as I am doing ADC Hardening from the Symantec Recommendation but some applications are blocking due to this. I want to get the idea on blocking the java.exe for exe but allowing the atinst.exe like picture at below.

    Please advise.



  • 2.  RE: Application & Device Control Policy

    Broadcom Employee
    Posted Mar 03, 2012 05:04 AM

    the picture is not there, you should be adding the application in exlusion list.



  • 3.  RE: Application & Device Control Policy

    Posted Mar 03, 2012 07:09 AM
      |   view attached

    Hi,

     

       Snapshot not available, but hope the below attach doc help you.



  • 4.  RE: Application & Device Control Policy

    Posted Mar 03, 2012 09:26 AM

    Actually I am doing the ADC to block the java.exe vulnerability like .exe, .dll, .... When I launch the webex, it will execute some application from the internet explorer but if i block it. I can still launch it with the java which will execute another aaa.dll. So anyway I can block the java from executing all the .dll file but except the aaa.dll??



  • 5.  RE: Application & Device Control Policy

    Posted Mar 03, 2012 11:12 PM
      |   view attached

    In the adc policy, choose a rule and on the right side, add the .dll & .exe click okay. then below that there is an option to exclude the following list there you type the list you want to be excluded.

    You may require to to full paths.

    Attachment(s)

    doc
    Doc98.doc   57 KB 1 version


  • 6.  RE: Application & Device Control Policy

    Posted Mar 03, 2012 11:25 PM

    You can also have a look at the below document

     

    How to configure Application Control in Symantec Endpoint Protection 11.0 : Configuring Application Control Policies

    http://www.symantec.com/business/support/index?page=content&id=TECH102525

    Hope it helps.



  • 7.  RE: Application & Device Control Policy

    Posted Mar 04, 2012 04:50 AM

    I don't have the full path as this aaa.dll is executed from the IE of the Webex program



  • 8.  RE: Application & Device Control Policy

    Posted Mar 04, 2012 06:31 AM
      |   view attached

    find the attach document. Hope it helping you.

    Attachment(s)



  • 9.  RE: Application & Device Control Policy

    Posted Mar 05, 2012 11:59 AM

    Sorry for the delay. try process. the above doc from gsp will give you more technical information with screenshots.



  • 10.  RE: Application & Device Control Policy

    Posted Mar 05, 2012 02:06 PM

    You can use as well file hash for exclusions, but keep in mind any new version of the file might have different hash...



  • 11.  RE: Application & Device Control Policy

    Posted Mar 05, 2012 09:52 PM

    Hi John,

     

    Can you tell us how exactly to apply exclusions based on hash value? Thanks.



  • 12.  RE: Application & Device Control Policy

    Broadcom Employee
    Posted Mar 06, 2012 12:28 AM

    i believe John is talking about this



  • 13.  RE: Application & Device Control Policy

    Posted Mar 06, 2012 03:18 AM

    Yes, that's what I meant.



  • 14.  RE: Application & Device Control Policy

    Posted Mar 06, 2012 07:46 AM
      |   view attached

    I try some steps but still cannot. I check on the log and getting the things as below:

     

    AC13-1.5] Block from loading other DLLs_Load DLL C:/Program Files/Internet Explorer/iexplore.exe C:/ProgramData/WebEx/WebEx/1224/atgpcdec.dll

     

    Due to this testing workstation is the Windows 7. That why at the policy AC13-1.5, I added the exclusion for */atgcdec.dll but still blocking.

     

    Please advise.



  • 15.  RE: Application & Device Control Policy

    Posted Mar 06, 2012 08:01 AM

    You tried to block everthing and then excluded "C:/ProgramData/WebEx/WebEx/1224/atgpcdec.dll" in the ADC, after that you get this block?



  • 16.  RE: Application & Device Control Policy

    Broadcom Employee
    Posted Mar 06, 2012 09:02 AM

    after editing the policy, has the client updated with same policy?



  • 17.  RE: Application & Device Control Policy

    Posted Mar 06, 2012 09:31 AM

    Yes I just modify the policy and will test again on tomorrow. Before that yes, I had updated the content successfully via the SEPM comand.

     

    Any better way that I can solve this as this hardening policy is from Symantec recommendation and Symantec is using the Webex suppot. Shouldn't be aware on this and by doing this policy exclusion can only implemented to the Windows 7 and how about the Windows XP?



  • 18.  RE: Application & Device Control Policy

    Posted Mar 06, 2012 10:02 AM

    Once this is successful, adding a new file path (if needed) for XP will not be an issue.

    Let us know how this goes.



  • 19.  RE: Application & Device Control Policy

    Posted Mar 07, 2012 01:27 AM

    After trying, I am still facing the same problems. Please advise.



  • 20.  RE: Application & Device Control Policy

    Posted Mar 07, 2012 04:45 AM

    Can you share all the file including/excluding detail, so ican create the policy and share you



  • 21.  RE: Application & Device Control Policy

    Posted Mar 07, 2012 05:14 AM

    Hi,

    I am trying base on this URL: http://www.symantec.com/business/support/index?page=content&id=TECH132337. From here you can import the ADC policy for testing.



  • 22.  RE: Application & Device Control Policy

    Posted Mar 07, 2012 09:08 AM
      |   view attached

    Avatar,

     

    I have modified the policy and attached here. It is just a reference. Use this. Also doesn't the exclusion you have given has wrong slash?



  • 23.  RE: Application & Device Control Policy

    Posted Mar 08, 2012 03:10 AM

    I try again but fail too. Any suggestion?



  • 24.  RE: Application & Device Control Policy

    Posted Mar 08, 2012 06:36 PM

    What SEP client OS do you have?



  • 25.  RE: Application & Device Control Policy

    Posted Mar 08, 2012 09:13 PM

    I have the Windows 7, Windows XP.



  • 26.  RE: Application & Device Control Policy

    Posted Mar 12, 2012 06:26 AM


    I think it is best to create a case with Symantec now.



  • 27.  RE: Application & Device Control Policy

    Posted Mar 12, 2012 06:41 AM

    I am thinking of that too. Hopefully Symantec really can advise on it.



  • 28.  RE: Application & Device Control Policy

    Posted Mar 12, 2012 09:39 AM

    Yes. And drop a note here when you find a solution.



  • 29.  RE: Application & Device Control Policy
    Best Answer

    Posted Apr 18, 2012 06:19 AM

    Solution:

    I didn't log a call to the Symantec but in fact I found out that 1 of setting is blocking it. So by allowing the path at that setting will solve my problems