Endpoint Protection Small Business Edition

  • 1.  Symantec Endpoint Protection Application and device control Exception

    Posted Jul 03, 2014 11:08 PM

    Hi,

    I am managing a SEP 12 server at my site. We have custom application and control rules configured for one client group.

    The issue I am facing is that whenever users try to install a network printer (Samsung), the Symantec client blocks the process.

    I figured out that rule AC17 "Prevent vulnerable Windows processes from writing code" is stopping spoolsv.exe from communicating with the printer drivers. When I disabled the rule, it worked perfectly fine.

    So, is there any way I can add an exception for these drivers so that they can communicate with spoolsv.exe and make the required changes?

    I don't think permanently removing spoolsv.exe from the rule is a safe option.

    Thanks,

    SuperSec



  • 2.  RE: Symantec Endpoint Protection Application and device control Exception

    Posted Jul 03, 2014 11:17 PM

    How to enable file and printer sharing with Symantec Endpoint Protection installed

    Article:TECH90999  | Created: 2008-01-20  | Updated: 2008-01-20  | Article URL http://www.symantec.com/docs/TECH90999

    You can configure a blank firewall rule to allow your printing application, or by the IP address.

    You can exclude printing devices from application and device control:

    For managed clients:

    1. Log in to the Endpoint Manager Console.
    2. Click Policies, then click Application and Device Control.
    3. Double-click the application and device control policy that is in use by affected clients.
    4. Click on Device Control.
    5. Under Devices Excluded From Blocking, click Add...
    6. Click Printing Devices, then click OK.


  • 3.  RE: Symantec Endpoint Protection Application and device control Exception

    Posted Jul 04, 2014 02:05 AM

    See this

    The only way is to stop the smc while installing the driver, or drop the "Prevent vulnerable Windows processes from writing code" policy.

    HP Printer software installation halts, indicating a firewall is blocking access to a network printer.

    Article:TECH93444  |  Created: 2009-01-15  |  Updated: 2010-08-04  |  Article URL http://www.symantec.com/docs/TECH93444

    See - http://serverfault.com/questions/577995/symantec-enpoint-protection-blocking-mapped-printer-install



  • 4.  RE: Symantec Endpoint Protection Application and device control Exception

    Posted Jul 05, 2014 06:04 AM

    Check the ADC log (e.g. Client GUI > View Logs > Control Log) and examine what really happened. The rule AC17 seems to be a rather old ready-for-use hardening rule that first emerged for SEP 11 (see http://www.symantec.com/docs/TECH132337). This particular rule forbids spoolsv and other Windows processes from writing some special files (exe, bat, etc.). So it would be interesting to know which particular file was not allowed to be written by spoolsv.

    If you know that file (e.g. excludedfile.exe), you can make an exception for it in AC17:

    adc_rule02.jpg

    HTH!