
SEP 12.1.2: Application and device control not working?

Created: 24 Jul 2013 • Updated: 24 Jul 2013 | 11 comments
D@ry1's picture

Hey guys,

I think I'm missing some piece here on using the application and device control. This is what I did:


1. On the default rule I add *; I assume that this will monitor all things

2. I add a launch process attempts condition and inside add cmd.exe just for testing

3. In the action tab I chose block and add message just for proof that it is working

After that it's not working. I already checked the policy, and it already updated the SEP client based on the policy serial no.

anything here?



Ashish-Sharma's picture


For Device IDs wildcards are supported: * and ?.

  • Asterisk [*] - means zero or more of any character
  • Question mark [?] - means a single character of any value
How to Block or Allow Devices in Symantec Endpoint Protection
Article:TECH175220 | Created: 2011-11-23 | Updated: 2012-05-31 | Article URL

Thanks In Advance

Ashish Sharma

D@ry1's picture


I'm looking for the Application side of blocking.



pete_4u2002's picture

How did you add cmd.exe, did you give the path?

What is the client OS?

D@ry1's picture


I put these on the "launch process attempts" condition: C:\Windows\System32\cmd.exe

I'm using Windows 7

pete_4u2002's picture

Also check if the application control rule is not set to log mode; it has to be in Production mode.

Also, the client needs to restart the first time after the ADC policy has been taken.

D@ry1's picture

Yes, it's not on log mode. We haven't tried the restart yet; I'll tell the results later, thanks.

pete_4u2002's picture

If the ADC policy is applied for the first time on the ADC-installed machine, restart to check the working of the application control rule.

pete_4u2002's picture

is the ADC component installed?

is this 64 bit?

have you restarted the machine after client has taken the ADC policy?

pete_4u2002's picture

cmd.jpg: here is the snapshot of the policy you may want to test

greg12's picture

Use the process name without path: cmd.exe. That covers all occurrences of cmd.exe.

As Pete says, check if the rule is in Production mode.

Mithun Sanghavi's picture


Check this Article:

How to create an Application Control Policy using the Symantec Endpoint Protection Manager?


You may like to check Greg's comment on:

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.