Endpoint Protection

  • 1.  How do I prevent registry modification using SEP?

    Posted Dec 27, 2011 05:47 AM

    How do I prevent modification to my registry using application control?

    I have created a rule with a registry access attempts condition, but it seems that it's not blocking me from modifying my registry.

    Basically, under the properties tab in the condition, I click on the add button, enter the path for my registry key, and leave the rest of the fields blank.

    Under the action tab, for read attempt, I have allowed it to process other rules, and block access on create, delete or modify.

    But SEP is not reflecting anything when I try to modify my registry.


    Please assist.

    Thanks



  • 2.  RE: How do I prevent registry modification using SEP?

    Posted Dec 27, 2011 06:09 AM

    Hello Paranormal

    What version of SEPM are you using? Also, are you trying to use the application or the device control policy, and that seems not to be working? Is that the case?



  • 3.  RE: How do I prevent registry modification using SEP?

    Broadcom Employee
    Posted Dec 27, 2011 06:18 AM

    Is the client restarted after it has got the new policy?



  • 4.  RE: How do I prevent registry modification using SEP?

    Trusted Advisor
    Posted Dec 27, 2011 07:24 AM

    Hello,

    To resolve the issue:

    1. Stop the SMC service by clicking ‘Start’, then in the Run box type “Smc -Stop”.
    2. Go to *\Program Files\Symantec\Symantec Endpoint Protection and find the Serdef.dat and Serdef.dat.bak files.
    3. Rename the serdef.dat file to serdef1.dat.
    4. Rename serdef.dat.bak back to serdef.dat.
    5. Start the SMC service by clicking ‘Start’, then type in the Run box “Smc -Start”.

    The client will now use the serdef.dat backup file to connect with the SEP Manager and get the new policy/updates.

    Reference: http://www.symantec.com/docs/TECH96760

    Hope that helps!!
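
The five steps in the reply above, scripted with pre-checks and a rollback so the client is never left without a serdef.dat. This is an added example, not part of the original post or Symantec's documentation. The `$SepDir` parameter is an assumption: it must point at the client folder that holds smc.exe and serdef.dat, which the post gives only as *\Program Files\Symantec\Symantec Endpoint Protection.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the serdef.dat swap from the post above.
# Assumption: $SepDir is the SEP client folder containing smc.exe,
# serdef.dat and serdef.dat.bak (the post elides the drive letter).
param(
    [Parameter(Mandatory = $true)]
    [string]$SepDir
)

$ErrorActionPreference = 'Stop'

$smc     = Join-Path $SepDir 'smc.exe'
$current = Join-Path $SepDir 'serdef.dat'
$backup  = Join-Path $SepDir 'serdef.dat.bak'
$aside   = Join-Path $SepDir 'serdef1.dat'

# Verify every input before stopping the client, so a typo in the path
# cannot leave the endpoint with its protection service down.
foreach ($p in $smc, $current, $backup) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
        throw "Required file not found: $p"
    }
}
if (Test-Path -LiteralPath $aside) {
    throw "$aside already exists; remove or archive it before retrying."
}

# Step 1: stop the SMC service and wait for smc.exe to return.
Start-Process -FilePath $smc -ArgumentList '-stop' -Wait
try {
    # Step 3: move the current definition file aside.
    Rename-Item -LiteralPath $current -NewName 'serdef1.dat'
    try {
        # Step 4: promote the backup to serdef.dat.
        Rename-Item -LiteralPath $backup -NewName 'serdef.dat'
    } catch {
        # Roll back step 3 so the client still has a serdef.dat to load.
        Rename-Item -LiteralPath $aside -NewName 'serdef.dat'
        throw
    }
} finally {
    # Step 5: always restart the service, even if a rename failed.
    Start-Process -FilePath $smc -ArgumentList '-start' -Wait
}
```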