Video Screencast Help
Search Video Help Close Back
to help

Prevent funmoods toolbar with SEP 12.1

Created: 07 Sep 2012 | Updated: 07 Sep 2012 | 2 comments
cmptekinc's picture
cmptekinc
0 0 Votes
Login to vote

Hey Guys,

A couple of users ended up installing Funmoods (toolbar). Removing funmoods is time consuming...

I was wondering if anyone can suggest on how to prevent funmoods from being installed in the first place.

 

Thanks

Discussion Filed Under:
, , , ,

Comments 2 CommentsJump to latest comment

Brian81's picture
Brian81 Trusted Advisor
Prevent funmoods toolbar with SEP 12.1 - Comment:07 Sep 2012 : Link

You can block the files using an application and device control policy:

https://www-secure.symantec.com/connect/sites/default/files/Application%20and%20Device%20Control_V1%202_1.pdf

 

https://www-secure.symantec.com/connect/forums/application-device-control-policy-1

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
  • Actions
Ashish-Sharma's picture
Ashish-Sharma
Prevent funmoods toolbar with SEP 12.1 - Comment:07 Sep 2012 : Link

You can blocked toolbar.exe by using Application device policy.

1. Log in to the Symantec Endpoint Protection Manager (SEPM).
2. Click on Policies.
3. Click on Application and Device Control.
4. Under Tasks, click on Add an Application and Device Control Policy.
5. On the top left click on Application Control.
6. Click on the Add... button.
7. Type a name for the Rule
8. Click on the Add... button on the bottom right "Apply this rule to the Following processes".
9. Type a name of the browsers processes that will not to able to download the file. Example: IEXPLORE.EXE (Can you add more than one process)
 
 
 
 
10. Click Ok.
11. Click on the Add... button on the bottom left under Rules.
12. Select Add Condition.
13. Select File and Folder Access Attempts.
14. Click on the Add... button on the right next to "Apply this rule to the Following files and folders".
15. On File or Folder Name to Match, type "*.extention". Example: " *.exe "  (without quotes) (Can you add more than one extention or file)
 
 
 
 
 
16. Click Ok.
17 . On Actions Tab in Read Attempt and Create, Delete, or Write Attempt select "Block Access"
Optional: Can you Check Notify User for example "Is not permited download executable files, contact the administrator"
 
 
 
 
 
16. Click Ok.
17 . Set to Production
18. Click Ok.
18. Click Yes to assign the policy.
19. Check the boxes for any group that the policy should be applied to.

20. Click OK

 

Please NOTE: Network Threat Protection feature is required to be installed on the machines carrying SEP 11.x, where as it is an optional, incase of SEP 12.1 clients.

 

You could also try:

Hardening Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security

http://www.symantec.com/docs/TECH132337

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents  

 

0
Login to vote
  • Actions