Hi All,

Can anyone tell me, How can I block Virus,Spyware known ".exe" file in SEP manger.

Many virus have been attacked in our company network and we want to block those exe files so please any one let us know that how to block them.

How to block Peer to Peer Applications (P2P) using Symantec Endpoint Protection?

Hardening Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security

Check this thread

https://www-secure.symantec.com/connect/forums/sepm-application-control

These articles should help you on your way:

http://www.symantec.com/docs/TECH163673

http://www.symantec.com/docs/TECH96766

These will help you block processes that may not be known by Symantec yet (i.e. no signatures exist for them).  Obviously, if it is a known malicious file, then make sure you have the latest defs and/or grab the rapid release defs.

Thanks James,

I get try once this then I will let u know if l face any issue.....

Check out this article:

https://www-secure.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-1

It shows you how to use application monitoring to block malicious programs.

Hi Naivi24,

This article may also help, if you know the unique hash of the .exe's you are trying to block:

How to use Application and Device Control to limit the spread of a threat.
http://www.symantec.com/docs/TECH93451

Definitely submit any suspected malicious files to Symantec's Security Response.  AV definitions will be created against them, if appropriate.

Also: I definitely recommend the use of the reputation-based security features that are available in SEP 12.1.  Upgrade to SEP 12.1 and use Insight and SONAR, if you do not already have these in place!

Hello,

just allow me to support Mick2009's post.