IT Consultant Group

Dear All,

I am using SEPM version 12.1 and i want to block VLC and other Media Players like:( Mpg, Mp3, Mp4, Mepg, ETC). is it possible in SEPM. I found some some guides for how you block these players, i applied those setting but they doesn't work.

Can anyone guide me about that is it possible to block these media players.

Thanks

Noor

hi you can configure for blocking check this .

https://www-secure.symantec.com/connect/forums/sep-121-ru1-application-control-blocking-executables-fingerprint

http://www.symantec.com/business/support/index?page=content&id=TECH97618

Hi Noor Shaikh,

Please go through following threads.

https://www-secure.symantec.com/connect/forums/how-block-mp3-extension

https://www-secure.symantec.com/connect/forums/block-extension-mp3-flv-mp4-etc

Also, Check this publick KB

How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

Hello,

Here are the Steps:

To Block Access of Extension

1. Login into the SEPM console.
2. Click Policies, and then click Application and Device Control under View Policies.
3. Select the Application and Device Control policy which needs to be modified on the right-hand side.
4. Click Edit the Policy under Tasks.
5. In the pop-up window, click Application Control.
6. Click the Add button.
7. In section of “Apply this rule in the following process” click on ADD and enter the Asterisk (*) Sign. Then Select Ok.
8. Now Click on Add from Bottom
9. Click on Add Condition and select the file and folder Access attempts.
10. Under the File and Folder Access Attempts box click on ADD in the section of “Apply this rule in the following process”
11. Enter the Extension with Asterisk Sign (eg- *.mp3, *.mp4, *.mpg, *.mpeg, *.flv)
12. Then press ok
13. Go to the Action Tab in “File and Folder Access Attempts”.
14. Select the Block Access in the “Read Attempt” and “Create, Delete or Write Attempt”.
15. Select Ok.
16. Assign the policy to the required Groups.

Block Access of Application

1. Login into the SEPM console.
2. Click Policies, and then click Application and Device Control under View Policies.
3. Select the Application and Device Control policy which needs to be modified on the right-hand side.
4. Click Edit the Policy under Tasks.
5. In the pop-up window, click Application Control.
6. Click the Add... button.
7. In section of “Apply this rule in the following process” click on ADD and enter the Asterisk (*) Sign. Then Select Ok.
8. Now Click on Add from Bottom
9. Click on Add Condition and select the Launch Process Attempts.
10. Under the Launch Process Attempts box click on ADD in the section of “Apply this rule in the following process”
11. Enter the application name (eg- vlc.exe)
12. Then press ok
13. Go to the Action Tab in “Launch Process Attempts”.
14. Select the Block Access in the “Launch Process Attempts” and check “enable logging”.
15. Select Ok.
16. Assign the policy to the required Group.

Hope that helps!!

Using fingerprint blcoking is the best options to block all restricted softwares and applications.

Please refer:

http://www.symantec.com/business/support/index?page=content&id=TECH102525

find the attach link

https://www-secure.symantec.com/connect/downloads/block-access-extension-mp3-mp4-mpg-mpeg-flv

Hi Above all attach links can help to fill up your requirements

Sorry All..no one suggestion works..i have vlc player install on client machine all above suggestion/solutions won't works on client i tried all these .

any other resolution..??

Thanks

Noor

Hey you want to block vlc player ya .mp3,.mp4 etc??

Try this docs.

this document will be help for block the VLC Player.

Attachment(s)

Firewall Policy_0.docx   358 KB 1 version

If you would like to block the media players like VLC, WMP etc. Then you can use the ADC policy to configure it. Get the fullpath of the installation file (C:\Program Files\Video lan\vlc.exe) and configure it using the previous comments.

Alternatively you can use the following links,

http://www.symantec.com/business/support/index?page=content&id=TECH97618&locale=en_US

https://www-secure.symantec.com/connect/articles/what-system-lockdown-what-stages-do-i-implement-system-lockdown-symantec-endpoint-protectio

http://www.symantec.com/business/support/index?page=content&id=TECH102526

Yes....... AJ_01 i want to block VLC and MP3 and MP4 in SEPM version 12.1.

Thanks Sharma you doc is foe version 11 i think so and i can not work. i tried but nothing happen i apply firewall policy and follow your doc and after that i open my vlc player it runs.

Guys and other work around..??

Dear Ariv i tried the ADC policies but does'nt work...

Thanks

Noor

has the client taken the new policy?

did you restart the client ?

yes after taken new policy on client i do not restart it..should i restart client machine..??

Thanks

Noor

Hi,

Block thru Finger prints following the below aricle steps...

https://www-secure.symantec.com/connect/articles/block-software-fingerprint

DCOMP ..i also tried this but when i run Checksum from cmd its creats txt file with no data , it creats empty file on the same folder..

i dont y any idea about that..??

Thanks

Noor

Ensure that the firewall component is installed on the clent machine and none of the firewall policies applied are disabled.

Sir,

Based on my own experience on the application blocking. The best thing to use is the filefingerprint blocking. you may use the Checksum.exe for this.

Run the Checksum.exe on the CMD then make a name for the .txt file for the logs. You will get the checksum.exe on the programfiles/symantec/SEP/checksum.exe

After you do these, you may go to the text file and look for the files you want to block. Get the file fingerprint and add to the application policy.

here is the example:

4d17f113d56ec082f6a32bab34ad9fc8 c:\Program Files\VirtualDJ\virtualdj_home.exe

copy the file fingerprint. (it is in italic and bold above) and add to the SEPM apps and devs control.

Apply to the group,

Then thats it... proven tested.

chuchi

Soi..when i run checksum..the file create by checsum.exe is blank..??

so what work around ? can anyother way to get the fingerprints of different applications.

Thanks

Noor

yes, can you restart the machine and verify if it works..

hello Noor,

Have u tried running the checksum on the command prompt? then space (output file?) drive

You may follow the below procedure. Maybe the command you execute is not right so it has a blank .txt file

you will run this on the computer with the application you want to block.

Hope this will help on your concern :) cheer up sir

soi soi
 

Sorry..Soi Soi ..it doesn't work as i told you i applied your checksum suggestion but the output file is blank.

Thanks

Noor

Ok Thank you i ll call Symantec Support

Thanks

Noor