
SEP 12 App & Dev control policy to block renaming of .exe files

Updated: 08 Feb 2012 | 9 comments
Shiva89 | 0 votes

Hi

I had implemented an application and device control policy to block some applications from running.

The problem is that once the .exe is renamed the policy doesn't work.

So I was figuring out a policy which will block users from renaming the .exe files.

If you find anything, please share.

Comments

SEP TECH | 08 Feb 2012 | 0 votes

Hi,

Use the URL below, which meets your requirement:

http://www.symantec.com/business/support/index?page=content&id=TECH93451

Thanks and Regards,

Ben

SEP TECH | 08 Feb 2012 | 0 votes

From the above ready document you can block applications using their MD5, so users cannot rename any files which are blocked through Application blocking.

Thanks and Regards,

Ben

Shiva89 | 08 Feb 2012 | 0 votes

Tried out but this increases maintenance.

You are right, I have also tried out blocking with MD5, but the issue is that the File Fingerprint list is different for different versions of the same software.

Hence maintaining a list of MD5s for a single piece of software increases maintenance.

Hence I thought I would block files by their .exe name and make a policy which avoids renaming of exe files, to successfully block apps by their .exe names.

SEP TECH | 08 Feb 2012 | 0 votes

But the MD5 hash is a good option to configure. I have configured the same in our environment for some applications.

Thanks and Regards,

Ben

Shiva89 | 10 Feb 2012 | 0 votes

Help required. Drawbacks of MD5.

But if the software is stored in a different place, the MD5 changes and the policy doesn't take effect.

For example, if we calculate the MD5 of vlc.exe in the C:\XYZ folder and the C:\ABC folder, the MD5 hash is different.

I would like to know how you configured the policy. Please share so that I can get a better idea.

Also, if you know a policy that prevents renaming of .exe files stored anywhere on your drives, please let me know.

Srikanth_Subra | 09 Feb 2012 | 0 votes

We can use the file fingerprint option to block the exe files. At the start I also faced the same issue: users renamed the files and used them, but now it is not possible.

Use the file fingerprint option. Search the application value in Symantec itself. Search application.

Thanks & Regards,

Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

peter ashley | 10 Feb 2012 | 0 votes

Some customers also block application-specific DLLs when possible

DLLs are harder to rename, relocate and change less frequently.

SameerU | 13 Feb 2012 | 0 votes

Hi

  1. Go to the computer that contains the image for which you want to create a file fingerprint list. The computer must have Symantec Endpoint Protection client software installed.

  2. Open a command prompt window.
  3. Navigate to the directory that contains the file Checksum.exe. By default, this file is located in the following location:

    C:\Program Files\Symantec\Symantec Endpoint Protection

  4. Type the following command:

    checksum.exe outputfile drive

    where outputfile is the name of the text file that contains the checksums for all the executables that are located on the specified drive. The output file is a text file (outputfile.txt).

    The following is an example of the syntax you use:

    checksum.exe cdrive.txt c:\

    This command creates a file that is called cdrive.txt. It contains the checksums and file paths of all the executables and DLLs found on the C drive of the client computer on which it was run.

To assign the policy, do the following:

  1. Log into the Symantec Endpoint Protection Manager (SEPM).
  2. Click on the Policies.
  3. Select and edit the Application and Device Control policy.
  4. Click on Application Control in left hand pane. In the right hand pane, right click and select ADD.
  5. Type in a context relevant name for the new rule in the Rule set name field.
  6. Click on the ADD button at the bottom and select ADD Rule.
  7. Right click newly created rule and choose Add Condition > Launch Process Attempts.
  8. Click on the ADD button for Apply to following files and folders.
  9. Click on Options at the bottom and select Match the file fingerprint and provide the value: 30deaf54a9755bb8546168cfe8a6b5e1 (This is for Windows XP. Please find below the procedure to find the file fingerprint).
  10. Click on OK.
  11. Click on the Actions tab and select Block Access in either of the "Read Attempt" and "Create, Delete, or Write Attempt" sections.
  12. Click on OK.
  13. Click on OK.
  14. Ensure that the newly edited policy is selected/highlighted and select Assign the Policy under "Tasks" in the left hand pane.
  15. In the new window, under the "Assign Policy" field, select the respective groups to assign the policy to.

 

Regards

Mark as a solution if it works
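
Added example, not part of the thread and not Symantec's tooling: a Python script that builds an MD5 fingerprint list for the .exe and .dll files under a folder and groups the paths by fingerprint, so the effect of renaming, relocating and upgrading a file can be checked directly. It runs on constructed stand-in files; the folder names XYZ and ABC are taken from the question above, while `notes.exe`, `upgraded` and the function names are assumptions.

```python
import hashlib
import os
import shutil
import tempfile
from collections import defaultdict

EXTENSIONS = {".exe", ".dll"}  # file types the fingerprint list above covers


def md5_of_file(path, chunk_size=65536):
    """Hash the file's bytes only; its name and folder are never an input."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def fingerprint_tree(root):
    """Return {md5: [relative paths]} for every executable under root."""
    by_hash = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXTENSIONS:
                path = os.path.join(folder, name)
                by_hash[md5_of_file(path)].append(os.path.relpath(path, root))
    return {md5: sorted(paths) for md5, paths in by_hash.items()}


def run_demo():
    """Constructed sample: stand-in bytes, not real program files."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("XYZ", "ABC", "upgraded"):
            os.makedirs(os.path.join(root, sub))
        original = os.path.join(root, "XYZ", "vlc.exe")
        with open(original, "wb") as handle:
            handle.write(b"MZ constructed build 1.0")
        shutil.copy(original, os.path.join(root, "ABC", "vlc.exe"))    # moved copy
        shutil.copy(original, os.path.join(root, "ABC", "notes.exe"))  # renamed copy
        with open(os.path.join(root, "upgraded", "vlc.exe"), "wb") as handle:
            handle.write(b"MZ constructed build 1.1")                  # other version
        return fingerprint_tree(root)


if __name__ == "__main__":
    for md5, paths in run_demo().items():
        print(md5, paths)
```

The moved and renamed copies are listed under one fingerprint, while the second build gets its own, so a fingerprint rule needs one entry per version that should be blocked.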

Shiva89 | 01 Mar 2012 | 1 vote

Figured out a solution!!!

Hi All

I was successful in creating a new policy which blocks renaming of .exe files.

Now users can't rename the blocked application's exe file.

So now any application can be blocked by its .exe name.

Thanks for all your inputs.