Video Screencast Help

avoid creating a windows service application and device control in SEP

Created: 24 Sep 2013 | 6 comments
julrendo's picture

good



They can tell you how we can avoid creating a service in windows aplication with policy control and device SEP



thank you very much

Operating Systems:

Comments 6 CommentsJump to latest comment

Brɨan's picture

I'm not sure what you mean, can you elaborate? Are you talking exceptions for ADC?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

julrendo's picture

Hi Brian

for example we want to avoid creating the CRDRVPS named service, we could do preventing registry keys are created,

when trying to create a service that must create or modify the registry keys

Thanks

Mithun Sanghavi's picture

Hello,

Are you talking about hardening the SEP to increase security - 

Check these Articles:

Hardening Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security

http://www.symantec.com/docs/TECH132337

How the Application and Device Control Hardening policy works

http://www.symantec.com/docs/TECH132307

SEP Application Control policy to protect executable file registry configuration

http://www.symantec.com/docs/TECH171301

How to protect systems with SEP from an autorun.inf that links to malware.

http://www.symantec.com/docs/TECH201440

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Brɨan's picture

You could just create the rule but exclude the specific reg keys from applying to that rule.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

julrendo's picture

hello



could also avoid creating a file, it would be possible with the SEP,

for example want to avoid creating the file test.exe

how could I?



Thanks

Brɨan's picture

Just follow this example:

http://www.symantec.com/docs/TECH185907

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.