Video Screencast Help

SEP 12.1 Application control

Created: 27 May 2013 • Updated: 27 May 2013 | 3 comments
This issue has been solved. See solution.

Hi,

Do we have the limit of application number in SEP 12.1 Application control list?

I checked all official documents and not find any limit of the number.
 
Do we have any document about the limit number? or do we have a suggestion number for best practice?
Operating Systems:

Comments 3 CommentsJump to latest comment

Rafeeq's picture

While there are no hard-coded limitations with regards to the number of conditions in policies, performance will be seriously impacted if policies are configured in an overly-complex manner. Please abide by the below recommendations on estimated limits.
1.Number of DeviceIDs that can be added manually to Hardware Devices in the Policy Components:
Symantec Technical Support does not recommend configuring a value greater than 1000.

2.Number of excluded devices in a Device Control policy:
Symantec Technical Support does not recommend configuring a value greater than 1000.

3.Number of Rule Sets in an Application Control policy
Symantec Technical Support does not recommend configuring a value greater than 200.

4.Number of Rules in a Rule Set in an Application Control policy
Symantec Technical Support does not recommend configuring a value greater than 200.

5.Number of Conditions in a Rule
Symantec Technical Support does not recommend configuring a value greater than 200.

6.Number of entries in a e.g. “File and Folder Access” condition for files and folder do apply (or not apply) this rule to
Symantec Technical Support does not recommend configuring a value greater than 200.

If the Application Control rule sets or conditions are very large, they will cause several performance problems:
1.The SEP client will take longer to load
2.The SEP client will take longer to switch locations
3.The SEP client will start to consume more memory
4.If there is an exceptionally large list, SEP's ADC component may even start to slow down other applications.

 

Ref: https://www-secure.symantec.com/connect/forums/best-practices-deploying-application-and-device-control-symantec#comment-7580211

SOLUTION
Mithun Sanghavi's picture

Hello,

I agree with the above suggestion.

There is no hard coded limit.  You can keep adding until you fill up all the memory.  However there will be a performance impact, the more you add. 

Also it may be hard to manage if the list gets too long. 

For example adding or removing items from the list can be tedious with a long list.  I would recommend keeping below 100.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.