Endpoint Protection Small Business Edition

 View Only
Back to discussions
Expand all | Collapse all

SEP 12.1.2: Application and device control not working?

  • 1.  SEP 12.1.2: Application and device control not working?

    Posted Jul 24, 2013 03:25 AM

    Hey guys,

    I think I'm missing some piece here on using the application and device control this is what I did:

    THIS IF FOR APPLICATION CONTROL

    1. On the default rule I add *, I assume that this will monitor all things

    2.I add a launch process attemps condition and inside add cmd.exe just for testing

    3. in the action tab I chose block and add message just for proof that it is working

     

    After that I'ts not working, I already check the policy and it already updated the SEP client based on the policy serial no.

    anything  here?

     

    Thanks,



  • 2.  RE: SEP 12.1.2: Application and device control not working?

    Posted Jul 24, 2013 03:34 AM

    hi,

    For Device IDs wildcards are supported: * and ?.

    • Asterisk [*] - means zero or more of any character
    • Question mark [?] - means a single character of any value

    How to Block or Allow Devices in Symantec Endpoint Protection

     

    Article:TECH175220 | Created: 2011-11-23 | Updated: 2012-05-31 | Article URL http://www.symantec.com/docs/TECH175220

     



  • 3.  RE: SEP 12.1.2: Application and device control not working?

    Broadcom Employee
    Posted Jul 24, 2013 03:38 AM

    how did you add cmd.exe, did you gave the path?

    what is the client OS?



  • 4.  RE: SEP 12.1.2: Application and device control not working?

    Posted Jul 24, 2013 03:39 AM

    Hey,

     

    I'm looking for the Application side of blocking.

    anything?

     

    THanks,



  • 5.  RE: SEP 12.1.2: Application and device control not working?

    Broadcom Employee
    Posted Jul 24, 2013 03:46 AM

    also check if the application control rule is not set to log mode, it hs to be in Production mode.

    Also the client need to restart first time after the ADC policy been taken



  • 6.  RE: SEP 12.1.2: Application and device control not working?

    Posted Jul 24, 2013 04:01 AM

    Hi,

    I put these on the "launch process attemps: condition: C:\Windows\System32\cmd.exe

    I'm using windows 7



  • 7.  RE: SEP 12.1.2: Application and device control not working?

    Broadcom Employee
    Posted Jul 24, 2013 04:21 AM

    is the ADC component installed?

    is this 64 bit?

    have you restarted the machine after client has taken the ADC policy?



  • 8.  RE: SEP 12.1.2: Application and device control not working?

    Broadcom Employee
    Posted Jul 24, 2013 04:58 AM

    cmd.jpghere is the snapshot of the policy of the policy you may want to test

     



  • 9.  RE: SEP 12.1.2: Application and device control not working?

    Posted Jul 24, 2013 06:11 AM

    Use the process name without path: cmd.exe. That covers all occurrences of cmd.exe.

    As Pete says, check if the rule is in Production mode.



  • 10.  RE: SEP 12.1.2: Application and device control not working?

    Trusted Advisor
    Posted Jul 24, 2013 11:07 AM

    Hello,

    Check this Article:

    How to create an Application Control Policy using the Symantec Endpoint Protection Manager?

    http://www.symantec.com/docs/TECH92987

    and

    You may like to check Greg's comment on:

    https://www-secure.symantec.com/connect/forums/sepm-application-control

    Hope that helps!!



  • 11.  RE: SEP 12.1.2: Application and device control not working?

    Posted Jul 24, 2013 09:14 PM

    yes it's not on log mode, we haven't tried the restart yet I'll tell the results later thanks,



  • 12.  RE: SEP 12.1.2: Application and device control not working?

    Broadcom Employee
    Posted Jul 25, 2013 12:10 AM

    if the ADC policy for the first time on the ADC installed machine, restart to check the working of application control rule.