block msn

Updated: 21 May 2010 | 29 comments
Monkeyhead

I cannot block Windows Live Messenger with Symantec Endpoint Manager. I have tried Firewall policies and Device and Control, but it won't work. Maybe I am missing something. I need a solution for this one.

Comments

Vikram Kumar-SAV to SEP, 22 Jul 2009

How are you blocking it? I mean, how are you creating the policy?
On the client, do you have SEP with all the features installed and communicating with SEPM?

Thomas K, 22 Jul 2009

View the MS KB for Live Messenger ports and URLs used.

http://support.microsoft.com/default.aspx/kb/927847

Create a FW rule that blocks traffic to the login.live.com domain (https://Login.live.com).

Monkeyhead, 22 Jul 2009

blocking msn

First I set the policy in Application and Device Control > Block applications from running > Block these applications (properties): wlcomm.exe (enable drive type) and msnmsgr.exe (enable drive type).
I tried to configure it with a firewall rule but it won't work. Please show me how to configure it.

Vikram Kumar-SAV to SEP, 22 Jul 2009

Application control

Use the default template to block applications.
Give the location for wlcomm.exe and set the action to terminate.

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/7049d06ba3c9e86f802573620054d9c2?OpenDocument

Vikram Kumar-SAV to SEP, 22 Jul 2009

Firewall

Add Rule > Application: give the location or just the name of the exe.
Select the action Block after applying this policy. Move it up to the top 7 rules.

Monkeyhead, 22 Jul 2009

Hello Vikram Kumar,
I tried all your solutions but it won't work. How could this happen? Is there another way to block Windows Live Messenger?

Vikram Kumar-SAV to SEP, 22 Jul 2009

block anything else

Is it not blocking MSN, or is it not blocking anything at all? Try to block something else to check if the problem is something else.

Monkeyhead, 23 Jul 2009

same

I have tried another application but it is the same.

Vikram Kumar-SAV to SEP, 23 Jul 2009

Something wrong

Either something is wrong in the policy, or the policy is not applied to the right group.
Maybe the client is not receiving the policy.
Or Firewall and Application and Device Control are not enabled on these clients.

Monkeyhead, 23 Jul 2009

The policy is affecting the user. All of the firewall and application and device control are enabled on these clients. I don't know how to fix that problem.

Vikram Kumar-SAV to SEP, 23 Jul 2009

Monkeyhead, 23 Jul 2009

Vikram Kumar-SAV to SEP, 23 Jul 2009

I mean

I meant to say: can you edit your Application and Device Control policy and Firewall policy and show how you have made changes in them?

Vikram Kumar-SAV to SEP, 23 Jul 2009

policy

The firewall policy looks fine, except I can't see what you have entered for hosts.

The Application Control policy is wrong.

In the policy3 screenshot there should be only * and nothing else.

Also uncheck that sub-processes check box.

I have exported a working application control policy to block notepad.exe.
You can import it and check it.

http://www.megaupload.com/?d=BTOBZB8Z

Monkeyhead, 23 Jul 2009

host

I chose local/remote. I set the local host to the Symantec Endpoint Manager IP, and the remote host is my IP address.
I tried your application control policy but it doesn't block.

Monkeyhead, 23 Jul 2009

host

I chose local/remote. I set the local host to the Symantec Endpoint Manager IP, and the remote host is my IP address.
I tried your application control policy but it doesn't block. I can write and save in Notepad.

Peterpan, 23 Jul 2009

I think you should reinstall or upgrade your SEP client. I believe that the policy cannot be overridden. Let me know how it goes.

:-)

Vikram Kumar-SAV to SEP, 23 Jul 2009

Client

Check on the client whether it has updated the policy.

Check this registry entry to know if Application and Device Control is enabled:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysPlant, and the value of Start should be 1.

On the client itself go to View Logs > Client Management > System Logs and check when the policy was applied. Reboot the client once to make sure the policy is applied and working.

Monkeyhead, 23 Jul 2009

Hello again

Peterpan and Vikram Kumar,

Today I uninstalled the previous version and upgraded to the latest version of Symantec Endpoint Protection, 11.0.4000. I tried all of your solutions but it doesn't make any change. I checked the Client Management System Logs and the policy is applied, and in the registry Application and Device Control is enabled. My Symantec Endpoint Manager is on Windows XP and all clients are Windows Vista. All the Windows installations are 32-bit versions. Do you have any idea?

Vikram Kumar-SAV to SEP, 23 Jul 2009

Check if this works

http://www.megaupload.com/?d=W45EARNL

There is a new working Application Control policy for blocking Notepad from SEPM (dat file)
and the client's policy profile (xml).
Test it in your test environment and let me know if it is working.

Monkeyhead, 24 Jul 2009

Confirm

I tried your working application control policy in SEPM and the client policy profile on the client PC. After that my client machine cannot ping any other machine, and the green dot is disabled.

Vikram Kumar-SAV to SEP, 24 Jul 2009

Application control

That would be from applying the client policy, since it was my test machine, so I will have to check what policy I had for the Firewall. You can export a working policy and import it at any time.
But is the Application Control policy working? Is it blocking Notepad?

Also make sure you test it from the SEPM.

mon_raralio, 24 Jul 2009 (1 vote)

Discussion worth looking at...

https://www-secure.symantec.com/connect/forums/how...

“Your most unhappy customers are your greatest source of learning.”

Vikram Kumar-SAV to SEP, 24 Jul 2009

That's right

Read the discussion posted by mon raralio above to get a better idea about how it works.

ShadowsPapa, 24 Jul 2009

Policies tab on the left, under View Policies on the screen, choose Intrusion Prevention, then Exceptions. Many IM services are listed; enable and choose Block.
MSN Messenger login, for example, is #20015 in the list.

Monkeyhead, 26 Jul 2009

Got it

Hello,
I fixed it. I blocked MSN with File Fingerprint. I output the hash ID for Live Messenger with checksum.exe. Right now I can block the client. Thank you for helping me, Vikram.

mon.raralio's forum helped me to fix that problem too.

mon_raralio, 27 Jul 2009

Small favor

Could you post the MD5 hash ID on the link I provided? It would greatly help the community. Thanks in advance.

“Your most unhappy customers are your greatest source of learning.”

Monkeyhead, 27 Jul 2009 (1 vote)

MD5 hash ID

Here is the MSN Live Messenger version 2009 (Build 14.08064.206) MD5 hash ID:

16c3811f3a5cd8ea7030a42a75892136
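
Added example, not part of the thread and not Symantec code: a Python script that audits a folder against a file-fingerprint list like the one used in the fix above, separating files the posted MD5 already covers from copies of msnmsgr.exe or wlcomm.exe that belong to another build and whose hash is missing from the list. Only the MD5 value and the two executable names come from the thread; the function names and the folder-audit approach are assumptions made for illustration.

```python
import hashlib
import os
import sys

# MD5 posted in the thread for Live Messenger 2009 (Build 14.08064.206).
BLOCKED_MD5 = {"16c3811f3a5cd8ea7030a42a75892136"}
# Executable names mentioned in the thread.
WATCHED_NAMES = {"msnmsgr.exe", "wlcomm.exe"}


def md5_of_file(path, chunk_size=1 << 20):
    """Return the lowercase hex MD5 of a file, reading it in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_tree(root, blocked=BLOCKED_MD5, watched=WATCHED_NAMES):
    """Classify files under root against the fingerprint list.

    covered:   MD5 is in the list, so a fingerprint rule matches the file
               whatever it has been renamed to.
    uncovered: watched file name but MD5 not in the list, i.e. another
               build whose hash still has to be added.
    """
    covered, uncovered = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                file_hash = md5_of_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it
            if file_hash in blocked:
                covered.append((path, file_hash))
            elif name.lower() in watched:
                uncovered.append((path, file_hash))
    return sorted(covered), sorted(uncovered)


if __name__ == "__main__":
    hits, gaps = audit_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, file_hash in hits:
        print("covered  ", file_hash, path)
    for path, file_hash in gaps:
        print("UNCOVERED", file_hash, path)
```

Any path reported as UNCOVERED is a build the current fingerprint list does not match, so its hash has to be generated and added before the block applies to it.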