Video Screencast Help

block access to hosts file

Created: 19 Feb 2013 • Updated: 25 Feb 2013 | 6 comments

Hello all,

 

I have activated the policy to deny access to write on hosts file using SEP, application and device control

 

Well, it is working create, and I try to edit, or replace the file, SEP deny my action..

 

But, when I replace the file using network share, like this:

 

\\pc_to_change\c$\windows\system32\drivers\etc

and modify the hosts file it works perfectly..

 

How can I fix it to deny this access???

Comments 6 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Try UnLocking the ADC Policy.

Check this Article:

How do I Block hosts file modification using Symantec Endpoint Protection (SEP) Application and Device Control policy?

https://www-secure.symantec.com/connect/downloads/how-do-i-block-hosts-file-modification-using-symantec-endpoint-protection-sep-application-

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Sumit G's picture

Check this thread

https://www-secure.symantec.com/connect/forums/hos...

 

Hardening Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security

Article:TECH132337  |  Created: 2010-01-08  |  Updated: 2012-03-13  |  Article URL http://www.symantec.com/docs/TECH132337
 

 

Regards

Sumit G.

Ambesh_444's picture

Hi,

Please check with these article's.

http://www.symantec.com/business/support/index?pag...

http://www.symantec.com/business/support/index?pag...

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

dimago's picture

Hello All..

 

Thanks for answers... but..:

 

 - I already have it working... when user try to edit locally hosts file, SEP block..

 

 - When the user try to edit, using share, \\pc\c$\windows.... SEP allows the change, so:

 

PC_1 and PC_2

 

User form PC_1 call PC_2 using share, like:

from PC_1:

\\PC_2\c$\windows\system32\drivers\etc\hosts and edit it, SEP allows...

I need that SEP block it too.