Hi everybody

ADC of My SEP have strange phenomenon ..! please see my picture

Please help me slove this issue

Thanks/phamduyus

Hi,

What sep feature do you have installed ?

What happend when you disable NTP feature ?

Do you have blocked .exe extension thorugh SEP ?

Hi

What sep feature do you have installed ? => yes, I installed ADC at client

What happend when you disable NTP feature ? => I don't known. can you more explain

Do you have blocked .exe extension thorugh SEP ? => yes, I create a rule block *.exe extension thorugh SEP (you see my picture. first is blocked by SEP

What is your current verson of SEPM?

What is OS Version where this policy not working?

s it possible that you can share the small snapshot of your configured policy?

Try with file name only...or with checksum of file.

Hi,

Check this artical do you have configure this type

https://www-secure.symantec.com/connect/articles/how-block-known-virus-executables-run-userprofile-using-application-and-device-control

Check the below

How to configure Application Control in Symantec Endpoint Protection 11.0 : Configuring Application Control Policies

No it doesnot seems like SEP is blocking it. Can we re check it by disabling the SEP and executing this application?

If you can, post a screen shot of the rule or export the policy and attach so I can test as it is.

"the handle is invalid" does really look like SEP error.

- is this file embedded to Word or only linked?

- from the screenshot it references the path to ...temporary internet files -> content IE5 and mspaint[1].exe - can you confirm this linkage is really correct? or should it be on the root of teh D: drive?

- if you disabled SEP on that machine can you access this file without issues?

- is this a XP machine? are you able to reproduce the issue on win7?

What is your current verson of SEPM? => SEP 11.x

What is OS Version where this policy not working? => OS = XP pro 32 bit

- is this file embedded to Word or only linked? => File Embedded - Not link

- from the screenshot it references the path to ...temporary internet files -> content IE5 and mspaint[1].exe - can you confirm this linkage is really correct? or should it be on the root of teh D: drive? => when running I saw create file in ".... temporary internet files -> content IE5 and mspaint[1].exe"

- if you disabled SEP on that machine can you access this file without issues? => If disable SEP then same result

- is this a XP machine? are you able to reproduce the issue on win7? => Running on OS XP Pro 32 bit

Please see ADS policy config

Please see ADC policy config

- if you disable SEP on that machine can you access this file without issues? => If disable SEP then same result

...this would be pointing not really towards SEP blocking this file execution

have anyone give to me yours advise this issue ??