Hi,
Here is the link to download hardened ADC policy.
Article: Hardening Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security
http://www.symantec.com/docs/TECH132337
This is important point from the list:
4. Prevents Internet Explorer (IE) and Firefox from writing code to WINDIR and Program Files, including subdirectories, also prevents Internet Explorer from launching code except in WINDIR and Program Files
Apart from this,
Use the latest version of explorer.
Use the latest service pack with latest microsoft patches.
Update third party software if there any.