SEP 12.1.2: Application and device control not working?

Created: 24 Jul 2013 • Updated: 24 Jul 2013 | 11 comments
D@ry1's picture

Hey guys,

I think I'm missing some piece here on using the application and device control. This is what I did:

THIS IS FOR APPLICATION CONTROL

1. On the default rule I add *, I assume that this will monitor all things

2. I add a launch process attempts condition and inside add cmd.exe just for testing

3. In the action tab I chose block and add message just for proof that it is working

 

After that it's not working. I already checked the policy and it already updated the SEP client based on the policy serial no.

Anything here?

 

Thanks,

11 Comments

Ashish-Sharma's picture

Hi,

For Device IDs, wildcards are supported: * and ?.

  • Asterisk [*] - means zero or more of any character
  • Question mark [?] - means a single character of any value

How to Block or Allow Devices in Symantec Endpoint Protection

 

Article:TECH175220 | Created: 2011-11-23 | Updated: 2012-05-31 | Article URL http://www.symantec.com/docs/TECH175220

 

Thanks In Advance

Ashish Sharma

 

 

D@ry1's picture

Hey,

 

I'm looking for the Application side of blocking.

Anything?

 

Thanks,

pete_4u2002's picture

How did you add cmd.exe, did you give the path?

What is the client OS?

D@ry1's picture

Hi,

I put this on the "launch process attempts" condition: C:\Windows\System32\cmd.exe

I'm using Windows 7.

pete_4u2002's picture

Also check if the application control rule is not set to log mode; it has to be in Production mode.

Also the client needs to restart the first time after the ADC policy has been taken.

D@ry1's picture

Yes, it's not on log mode. We haven't tried the restart yet; I'll tell the results later. Thanks,

pete_4u2002's picture

If the ADC policy is applied for the first time on the ADC installed machine, restart to check the working of the application control rule.

pete_4u2002's picture

Is the ADC component installed?

Is this 64 bit?

Have you restarted the machine after the client has taken the ADC policy?

pete_4u2002's picture

cmd.jpg: here is the snapshot of the policy you may want to test

 

greg12's picture

Use the process name without path: cmd.exe. That covers all occurrences of cmd.exe.

As Pete says, check if the rule is in Production mode.

Mithun Sanghavi's picture

Hello,

Check this Article:

How to create an Application Control Policy using the Symantec Endpoint Protection Manager?

http://www.symantec.com/docs/TECH92987

and

You may like to check Greg's comment on:

https://www-secure.symantec.com/connect/forums/sepm-application-control

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.