Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Blocking Unauthorized Files and Applications

Created: 29 Oct 2009 | 3 comments
jomargonzales's picture
10 Agree
1 Disagree
+9 11 Votes
Login to vote

As compliance for business, users must not access unauthorized applications and files. This will help to increase the productivity of every employee of a company.

For Unauthorized Files such as MP3s, AVIs, etc.

Symantec can only block specific filenames and file type extension. Smart users can bypass this blocking by renaming its file type extension.

Recommendation:

File types should be blocked using header file and not file type extensions.

For Unauthorized Applications such as Games, Instant Messaging etc.

Just like file blocking, only the file names and its hash values can only be blocked. The problem here is once the application has a newer version, it is very hard to manage all hash values. 

Recommendation: 
Symantec will automtically collect the newest version of the application and make a unique signature for daily update downloads.  

Comments

AL76's picture
03
Nov
2009
1 Vote +1
Login to vote

Blocking Unauthorized Files and Applications

In actual fact, we can block the application by using the md5 hash too. File name is just an option.

Alan Lee

Principal Regional Product Manager, Enterprise Security Group, Symantec

jomargonzales's picture
03
Nov
2009
1 Vote +1
Login to vote

My problem for MD5 value is

My problem for MD5 value is it is only recommended for 32 bit application. I have tried it with 16 bit application such as flash games and unfortunately it did not work. In addition, it is not recommended to use it especially when files have lots of md5 values such as MP3s, AVIs etc. That is why my recommendation is to block a file using its header file if possible.

Jomar Gonzales

Steven Moerman's picture
08
Mar
2010
0 Votes 0
Login to vote

I agree with the idea of

I agree with the idea of jomargonzales about the use of the header file instead of the file extension.
There are even some antivirus vendors that are already using this method.

Recommendation:

File types should be blocked using header file and not file type extensions.