Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Browser

Created: 10 Mar 2013 | 3 comments
SKP's picture

How can i Block Browser like Opera,Firefox etc via SEPM

Comments 3 CommentsJump to latest comment

Rafeeq's picture

You need to create a rule to block the executables using application and device control

You can also use application and device control to block applications from running

Login to  Symantec Endpoint Protection Manager. and Select the Policies .

Select Application and Device Control from under the View Policies menu.

Select Add and Application and Device Control from under the Tasks menu.

Select Application Control from under the Application and Device Control menu on the left side.

Select Add a new window will appear.

Select Add next to the field labeled Apply this rule to the following process.

With in the box type * .

Leave all other settings the same. Click OK.

On the left side there will be a box labeled Rules. Within it, you should see the rule listed you are working with.

Right click the rule and select Add Condition.

Select Launch Process Attempts, a new window will open.

Select Add next to the field labeled Apply this rule to the following process.

With in the box type <process name>.exe. This will be the exact name of the executable that is going to be blocked.

From the same window, select the Actions tab from the top middle.

From within the Launch Process Attempt box select Block access.

Select OK.

Select OK again from the Application Control screen.

And then Select Assign.

Rafeeq's picture

additionally There is a default application control policy called "Block applications from running"

Simply add the applications you want to block (by name or MD5 hash) into the policy where instructed and that will block them.

Chetan Savade's picture

Hi,

It's suggested to block the application with the help of MD5 value because smart user can rename the explorer.exe and try to access it.

I would suggest to test it before implementing in production environment.

Can refer this article:

Configuring Application and Device Control

http://www.symantec.com/docs/TECH102525

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<