Hi everyone,

We are using the EndPoint ver 12.1 now. We'd like config a Application and Device control policy that help prevent some applications running. But we are want apply this policy to user only. The admin user can permit run every application. Please help us how to do for this situation.

Thank you,

you need to install that in user mode

About user mode and computer mode

Change and qpply the policy from computer mode to user mode on that groups

hi,

SEP clients can be switched to User mode in one of the following ways:

1. Installing a SEP client using a User mode package.
2. Manually switching a SEP client to User mode in the Symantec Endpoint Protection Manager (SEPM).
3. Associating a user account in your environment with a client already in User mode.

It is not possible for SEP clients to automatically switch between Computer mode and User mode predictably. Clients can only automatically switch modes during the initial registration phase, and depending on how the Reconnection Preferences were set in the client's Communications Settings policy. Because of the results are not predictable, it is recommended to configure clients as either Computer mode or User mode clients, not as both

http://www.symantec.com/business/support/index?page=content&id=TECH201075

Great forums.You are help very very quickly.

Thanks to Rafeeq, Raju123, James007

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

Adding one more article for reference: http://www.symantec.com/docs/TECH102686

If the client software runs in user mode, the client computer gets the policies from the group of which the user is a member. If the client software runs in computer mode, the client computer gets the policies from the group of which the computer is a member

Policies in the Symantec Endpoint Protection Manager (SEPM) can be applied to users or computers organized together or separately into groups. When a Symantec Endpoint Protection (SEP) client connects to the Manager it can provide user and computer information for the purposes of identifying itself. In addition, if there exists a match for both the user and the computer in the Manager, then the client's preference configuration will determine which setting is applied.

Hi Chetan Savade,

Thanks for your explain.

I'd like ask more question. I used the Application and Device control policy for prevent shares folder. It's done smoothly. But I found that it's prevent access to the system shares also. (ex C$, IPC$...).

Could i prevent user's shares but permit the system's shares by a policy of Application and Device control  ?

Thank you,

Under exclude option add C$ and IPC$

Check by adding manual exclusion.

Excluding applications from application control

http://www.symantec.com/docs/HOWTO55212

Excluding a file or a folder from scans

http://www.symantec.com/docs/HOWTO80920