Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to block media player

Created: 26 Dec 2012 • Updated: 26 Dec 2012 | 13 comments

Hi,

How I can block media player and other media tools through SEPM?

Comments 13 CommentsJump to latest comment

Ashish-Sharma's picture

Block Access of Application

  1. Login into the SEPM console.
  2. Click Policies, and then click Application and Device Control under View Policies.
  3. Select the Application and Device Control policy which needs to be modified on the right-hand side.
  4. Click Edit the Policy under Tasks.
  5. In the pop-up window, click Application Control.
  6. Click the Add... button.
  7. In section of “Apply this rule in the following process” click on ADD and enter the Asterisk (*) Sign. Then Select Ok.
  8. Now Click on Add from Bottom
  9. Click on Add Condition and select the Launch Process Attempts.
  10. Under the Launch Process Attempts box click on ADD in the section of “Apply this rule in the following process”
  11. Enter the application name (eg- vlc.exe)
  12. Then press ok
  13. Go to the Action Tab in “Launch Process Attempts”.
  14. Select the Block Access in the “Launch Process Attempts” and check “enable logging”.
  15. Select Ok.
  16. Assign the policy to the required Group.

How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

Article:TECH97618  |  Created: 2009-01-20  |  Updated: 2009-01-20  |  Article URL http://www.symantec.com/docs/TECH97618
 

https://www-secure.symantec.com/connect/downloads/block-access-extension-mp3-mp4-mpg-mpeg-flv

Thanks In Advance

Ashish Sharma

Nagesh Singh's picture

Hi ashish,

already tryied but this solutions is not working?

please find the screen short of the same.

Thanks & Regards,

Nagesh Singh

greg12's picture

Hi Nagesh,

that won't work. You cannot write more than one file extension in one single line. It should look like this:

*.mp3
*.mp4
*.mpg
...
 

And please click on "Block applications from running" and check if you have entered an asterisk "*" (without quotes) in the application list. Thus you have forbidden the access to media files by every application.

If this is your goal, it's not necessary to add a rule ("Block these applications") against launching of particular media players. You may delete it.

Ashish-Sharma's picture

Hi,

Can you provide Actions tab scree shot ?

Policy are applied in SEP client ?

What sep componets are install sep client..

Thanks In Advance

Ashish Sharma

Nagesh Singh's picture

Hi,

1) you can see in above screen short I have already highlited in red.

2) yes client has new policy

3) client has all componets install with it.

Thanks & Regards,

Nagesh Singh

Ajit Jha's picture

Can u please post the screen shot of the Action Tab and alos the main page of application Control, over which u are editing this policy?

Regard's

Ajit Jha

Technical Consultant

ASC & STS

Ajit Jha's picture

1. Log in to the SEPM.
2. Click on Policies.
3. Click on "Application and Device Control".
4. Create a new Application and Device Control policy or use an existing one
5. Click on your selected policy to edit
6. Click on Application Control
7. Click on the "Add..." button.
8. Click on the "Add..." button on the bottom left under Rules.
9. Select "Add Condition".
10. Select "Launch Process Attempts".
11. Click on the "Add..." button on the right next to "Apply to the following processes:".
12. Click on the "Options>>" button at the lower right.
13. Select the Radio button for "Match the file fingerprint".
14. Copy the MD5 hash into the field for the fingerprint.
15. Check "Only match processes with the following arguments" and add an * in the box and select "Use regular expression matching"
16. Click OK.
17. Go to the "Actions" tab
18. Decide if you want to block the file when it runs or just log it
a. To log choose "Continue processing other rules and check "Enable logging", there are 16 levels of logging but "Critical - 0" should be sufficient.
b. To block choose "Block Access", you can enable logging under this option as well.
c. You can also select check the "Notify User" to make the end user aware that they are using unauthorized software via pop-up message.
19. Click OK.
20. Make sure your new rule is checked enabled and is set for production (test will log only) when you are ready to use it.
21. Click OK.
22. Click Yes to assign the policy.
23. Check the boxes for any group that the policy should be applied to.
24. Click OK.

 
 

 

Regard's

Ajit Jha

Technical Consultant

ASC & STS

Nagesh Singh's picture

Hi ajit,  

how to create MD5 value for media player?

Thanks & Regards,

Nagesh Singh

Ashish-Sharma's picture

Generate an MD5 hash:

There are many different ways to generate an MD5 hash, here are two of the easiest methods:

You may submit a file to http://www.threatexpert.com and the generated report will contain the hash value. This report will be emailed to your chosen email address and made available on the site.

Microsoft has a freely available utility called the File Checksum Integrity Verifier. 
The utility is discussed in great detail in Microsoft's KB 841290.
http://support.microsoft.com/kb/841290

Reference

How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

Article:TECH97618  |  Created: 2009-01-20  |  Updated: 2009-01-20  |  Article URL http://www.symantec.com/docs/TECH97618
 

Thanks In Advance

Ashish Sharma

Ambesh_444's picture

Hi Nagesh,

Please check with below threads and let me know.
 
https://www-secure.symantec.com/connect/forums/how-block-mp3-extension
 
https://www-secure.symantec.com/connect/forums/block-extension-mp3-flv-mp4-etc
 
Also, Check this publick KB
 
How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage
 
http://www.symantec.com/docs/TECH97618
 
https://www-secure.symantec.com/connect/articles/block-software-fingerprint
 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Nagesh Singh's picture

Hi ambesh,

This all tryied please see above screen short and which I have uploaded and suggest if there is some other options avilable?

Thanks & Regards,

Nagesh Singh

Ajit Jha's picture

HI

The first step is to identify the MD5 hash of the threat. There are several ways to find this information.

Generating a fingerprint

Solution 1
Microsoft has a freely available utility called the File Checksum Integrity Verifier.
The utility is discussed in great detail in Microsoft's KB 841290.
http://support.microsoft.com/kb/841290

Solution 2
SlavaSoft has a utility called HashCalc that is freely available for download on the Internet at http://www.slavasoft.com/hashcalc/.
1. Download and install the HashCalc software.
2. Run the HashCalc software from the All Programs menu.
3. In the drop down menus at the top select File for Data Format.
4. In the Data field, click the "..." button.
5. Navigate to the executable file that is suspicious and click Open.
6. Make sure the check box for MD5 is checked.
7. Click the Calculate button at the bottom.

Solution 3
The Endpoint Protection client comes with a Sygate utility called Checksum.exe. This utility will generate a file with MD5 hash value for a specified file.
 

    • Open a command prompt window.
    • Start > Run > type: cmd > hit Enter or OK
    • Navigate to the directory that contains the file checksum.exe. By default, this file is located in the following location: C:\Program Files\Symantec\Symantec Endpoint Protection
    • by default: cd C:\Program Files\Symantec\Symantec Endpoint Protection
    • Type the following command: checksum.exe outputfile inputfile
        • where 'outputfile' is the name of the text file that contains the checksum for specified file. The output file is a text file (i.e. outputfile.txt).\
          where 'inputfile' is the exact path to the file you want to generate the hash value from.
    • The following is an example of the syntax you use: checksum.exe C:\checksum.txt "C:\Program Files\sample.exe"
        • In this example the command creates a file that is called checksum.txt in the root C: folder. It would contain the checksum of the specified file sample.exe.

Solution 4
Symantec has created a utility called EsugMD5.exe, which can be provided to customers upon request.

Solution 5
You may submit a file to www.threatexpert.com and the generated report will contain the hash value. This report will be emailed to your chosen email address and made available on the site.

Regard's

Ajit Jha

Technical Consultant

ASC & STS

Ajit Jha's picture

Hi Nagesh,

Let me understand, you are trying to block the files/extensions or you want to Block the applications. If application then mp3,mp4 are not the right file types.

The members posted their comments, have provide you all the methods to block an application form execution. Its not so complicated to configure as you are saying.

Anyways please have a look into your configuration once again and revert back, else you can open a support case with Symantec Technical support.

Regard's

Ajit Jha

Technical Consultant

ASC & STS