Video Screencast Help

SEP11 Application and Device control policy question

Created: 08 Jun 2012 | 5 comments

Hi

I'm need to block application running from CD-drives and USB devices.

Application and Device control policy is added (with seems to be correct settings) and assigned to appropriate client group where I have my test client.

The problem is that even after I assured that the policy has been delivered and enabled, I still able to run a batch from CD.

Please advice what have I missed, maybe there are some additional steps I need to perform?

Thanks a lot in advance.

br,

Anton

 

 

Comments 5 CommentsJump to latest comment

Jason1222's picture

Application and device control does not work on x64 based machines in SEP 11.x

This feature was added/corrected as of SEP 12.1

Is this your case, where you are running Windows 64 bit?

Did you add your policy to log or to block access to the CD drive for example?

Chetan Savade's picture

Hi,

Since CD/DVD writing uses an unconventional read/write operation, SEP cannot block it directly.

After setting up an Application and Device Control policy to block CD writing, CD writing is not blocked as expected, and write attempt is not logged

http://www.symantec.com/business/support/index?page=content&id=TECH104800&locale=en_US

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Kolacha1's picture

Jason1222, I have x32 system (win xp sp3). The policy is configured to block all attempts to run any application from USB or CD. Also I have active system lock-down policy but even though I could run any batch form CD..

 

Chetan Savade, thanks for the link but this topic is mostly about application startup from CD but not about CD writing.

 

I still need to have a solution. Thanks in advance.