
SEP 12.1 application and device policy is not working on Win XP

Created: 18 Jul 2013 • Updated: 19 Jul 2013 | 8 comments

Hi there,

I have been trying to figure this out for some time, but I've not been able to get this policy working till now. 

Due to our security requirements, I have been tasked with locking down any USB storage devices from running applications.  Thus far, I have configured the policy with the following settings.

Application Control:

120px_sep1.JPG

I have configured each one to block .exe applications from running from media devices as well as .msi's. However, this doesn't seem to work. I've tried both USB and DVDs and these applications still run, despite the fact that I have specified specific drive letters and specific extensions.

sep2.JPG

This seems to work fine on Win 7 machines, but I've not found any documentation about Win XP being a problem.

Any suggestions would be appreciated.

Cheers, and thanks.

LMM05

Comments

pete_4u2002

Has the policy been taken by the client?

What is the version running on the client for XP?

Are XP and Win 7 in the same group?

AJ_01

Check whether the policy serial numbers of the client and server match or not.

The policy will work if both match.

Regards

AJ

consoleadmin

Hi,

As per the policy, .exe is blocked only on the drive letters which you have mentioned. You also need to choose CD/DVD Drive and Removable Disk to block the .exe on the USB and CD/DVD devices.

test.jpg

Attachment: Application and Device Control_V1 2.pdf (1.74 MB)

Thanks.

greg12

I think you are confusing rules and conditions. At the rule level you only have to list the processes that will launch the applications from USB devices (e.g. Windows Explorer). In most cases you don't know the exact process, so just enter an asterisk. These launching processes have nothing to do with the applications you want to block.

In the condition you should list all the applications that may not be launched (as you did before in the rule from line two and following). It must be a "Launch Process Attempts" condition ("red rocket" icon).

Have a look at the AC2 ruleset in a default ADC policy. That's a very similar approach. 

Good luck!

lmm05

Hi Everyone,
Apologies for the delayed response - I have been flat out working on a number of other issues which had brought our business to a halt. 

Thank you for your suggestions in advance:

pete_4u2002 - I have checked, and the policy has been received by the client - I am running SEPM 21.1 and am using the same for the Win XP and Win 7 clients, and yes, they're in the same group.

AJ_01 - the policy serial number on the client reflects that which is on the server :)

Consoleadmin, I will try this now. 

Greg, I'm going to look at yours after the consoleadmin's suggestions.

Thank you again and apologies for the delayed response.

LMM

lmm05

Hi everyone,

Apologies again for the delayed response, I just haven't had a chance to get on here.

Pete_4u2002, thank you for this - it appears that the ADC component was not installed on the machines. I have changed the policy and the feature sets and am waiting on the Application Engineer to reboot the machines so that we can check whether or not the port lockdowns are working.

Thank you all for your help, it is greatly appreciated.

SameerU

Hi

Can you check if the ADC component is installed in the SEP client?

Regards