My Windows 7 and Windows XP machines are in the same group. It would be a lot of work to find them all and move them one by one to another SEP group. Due to the latest IE/Flash bug, I'd like to block Adobe Flash on only machines running Windows XP.
Is there a way to do that?
First use this tool to move XP to different gropu
http://www.symantec.com/business/support/index?page=content&id=TECH157429
then use adc policy to block adobe
Move XP machines to a new group and apply an ADC policy for it.
The problem is that finding all of the XP machines and manually moving them is very time consuming.
You can use move vbs tool to move all the XP system to new group and then appy policy to block flash o XP system group.
Or you can sort them using os and then move XP system to different group and apply a policy.
Monitor - logs - computer status report
sort by OS, this will give you XP machines,
use the tool to move clients to different group
http://www.symantec.com/business/support/index?page=content&id=TECH97764
apply ADC.
SEPM has detect Flash Player Vulnerability
Adobe Patches Exploited Flash Player Vulnerability
https://www-secure.symantec.com/connect/blogs/adobe-patches-exploited-flash-player-vulnerability
Definitely be sure that Flash is up-to-date on all computers throughout the organization!
Adobe Patches Exploited Flash Player Vulnerability https://www-secure.symantec.com/connect/blogs/adobe-patches-exploited-flash-player-vulnerability
If it is desired to block Flash on all XP machines, I agree with Rafeeq's posts, above.