Endpoint Protection

 View Only

  • 1.  How block to clean wipe tool works?

    Posted Nov 25, 2014 08:09 AM

    Our company use the sep 12.1.5 and we block to client uninstall the their sep by asking a password. but clean wipe tools does not need anything to uninstall just a launch tools is enough. Also ı tried to configure application and device control blocking but it does not work.Please help us

    Thank you



  • 2.  RE: How block to clean wipe tool works?

    Posted Nov 25, 2014 08:12 AM
      |   view attached

    Did you block cleanwipe.exe? You can also block by hash value

    How to block the access of Application using Symantec Endpoint Protection's Application and Device Control (ADC) policies

    Use the attached policy, it works

     

    Attachment(s)

    zip
    Block cleanwipe.zip   1 KB 1 version


  • 3.  RE: How block to clean wipe tool works?

    Posted Nov 25, 2014 08:32 AM

    how can ı use your atteched policy?

    ı used checksum.exe for fingerprint of cleanwipe exe and ı added but i does not work still.



  • 4.  RE: How block to clean wipe tool works?

    Broadcom Employee
    Posted Nov 25, 2014 08:33 AM

    Hi,

    You are correct with the new release of Cleanwipe you can remove SEP though SEP is password protected.

    However it's a good idea to block application itself.

    Make sure ADC policy is configured correctly and has been assigned to correct group as well.

    You should refer this article to create customize ADC policy: http://www.symantec.com/docs/TECH185907

    The best way to use SEP to block unwanted software is to block the main .EXE of the program. To confirm you always block the correct file you will want to make an MD5 hash of that file. 

    NOTE: When a program is updated to a new version a new MD5 will need to be created and added, additionally you will need to make MD5s for all versions of the .EXE that may be in use.

    Once the MD5 hash is known, the Application and Device Control policy can be configured to prevent that specific file from launching on the clients

    Can refer these articles: http://www.symantec.com/docs/TECH93451 

    http://www.symantec.com/docs/HOWTO80859 



  • 5.  RE: How block to clean wipe tool works?
    Best Answer

    Posted Nov 25, 2014 08:36 AM

    Just import the policy into the SEPM under the ADC policies. And make sure your clients are getting the policy. I've already tested and this policy works, either by cleanwipe.exe or using file hash.

    You need to click on Options and select the radial button for Match the file fingerprint

    Capture_48.JPG



  • 6.  RE: How block to clean wipe tool works?

    Posted Nov 25, 2014 08:56 AM

    thank you for your supporting. its work with md5 hash.Only one problem is that no send alert mail:)

     



  • 7.  RE: How block to clean wipe tool works?

    Posted Nov 25, 2014 08:58 AM

    You can configure that as well if needed.