Endpoint Protection

 View Only

  • 1.  SEP12.1.4.1 Application and Device Control

    Posted Nov 14, 2014 01:41 PM

    Hello gents,

     

    Does anyone know of a way to validate if ADC is enabled in the machine (SEP12.1.4.1)? I am not talking about the SEP GUI, but a registry key - For instance :

    SEPADC = 1 or 0 (enabled or disabled).

    Any idea?

    Thanks in advance!!

     



  • 2.  RE: SEP12.1.4.1 Application and Device Control

    Posted Nov 14, 2014 01:56 PM

    There is nothing in the registry. I believe you can query the DB directly. See this thread from Steve Kintakas and SQL query:

    https://www-secure.symantec.com/connect/forums/zero-day-flaws-found-symantecs-endpoint-protection-computerworld-article-73014-629am-et#comment-10365321



  • 3.  RE: SEP12.1.4.1 Application and Device Control

    Posted Nov 14, 2014 11:47 PM

    Hi,

    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysPlant

    on the right hand side you will find values like Start

    If Start -4 it means disabled

    Start-1 it means adc is enabled.



  • 4.  RE: SEP12.1.4.1 Application and Device Control

    Posted Nov 19, 2014 12:46 PM

    Thanks guys!