Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP 12.1.2: Application and device control not working?

Created: 24 Jul 2013 • Updated: 24 Jul 2013 | 11 comments
D@ry1's picture

Hey guys,

I think I'm missing some piece here on using the application and device control this is what I did:


1. On the default rule I add *, I assume that this will monitor all things

2.I add a launch process attemps condition and inside add cmd.exe just for testing

3. in the action tab I chose block and add message just for proof that it is working


After that I'ts not working, I already check the policy and it already updated the SEP client based on the policy serial no.

anything  here?



Operating Systems:

Comments 11 CommentsJump to latest comment

Ashish-Sharma's picture


For Device IDs wildcards are supported: * and ?.

  • Asterisk [*] - means zero or more of any character
  • Question mark [?] - means a single character of any value

How to Block or Allow Devices in Symantec Endpoint Protection


Article:TECH175220 | Created: 2011-11-23 | Updated: 2012-05-31 | Article URL


Thanks In Advance

Ashish Sharma



D@ry1's picture



I'm looking for the Application side of blocking.




pete_4u2002's picture

how did you add cmd.exe, did you gave the path?

what is the client OS?

D@ry1's picture


I put these on the "launch process attemps: condition: C:\Windows\System32\cmd.exe

I'm using windows 7

pete_4u2002's picture

also check if the application control rule is not set to log mode, it hs to be in Production mode.

Also the client need to restart first time after the ADC policy been taken

D@ry1's picture

yes it's not on log mode, we haven't tried the restart yet I'll tell the results later thanks,

pete_4u2002's picture

if the ADC policy for the first time on the ADC installed machine, restart to check the working of application control rule.

pete_4u2002's picture

is the ADC component installed?

is this 64 bit?

have you restarted the machine after client has taken the ADC policy?

pete_4u2002's picture

cmd.jpghere is the snapshot of the policy of the policy you may want to test


greg12's picture

Use the process name without path: cmd.exe. That covers all occurrences of cmd.exe.

As Pete says, check if the rule is in Production mode.

Mithun Sanghavi's picture


Check this Article:

How to create an Application Control Policy using the Symantec Endpoint Protection Manager?


You may like to check Greg's comment on:

Hope that helps!!

Mithun Sanghavi
Senior Consultant

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.