Video Screencast Help

SEP should inform /show apopup message when any program/threat trying to manipulate explorer.exe and svchost file

Created: 30 Jun 2010 • Updated: 21 Jul 2010 | 5 comments
Bijay.Swain's picture
3 Agree
0 Disagree
+3 3 Votes
Login to vote
Status: Reviewed

SEP should inform /show apopup  message when any program/threat trying to manipulate explorer.exe and svchost file. ony on allowing manually it should go ahead otherwise blocked.

Comments 5 CommentsJump to latest comment

AKM's picture

You can do almost this by using an Application & Device Control policy. The only thing that you couldn't do is to give the user the option to manually allow the action.

Sr. Technical Support Engineer
Endpoint Security Advanced Team
Symantec Corporation
www.symantec.com

0
Login to vote
Bijay.Swain's picture

Then there is no point in A&D Policy to only disturb users as they can't do anything about the message.

0
Login to vote
mon_raralio's picture

In SEPM's defense. It is up to the administrator and not the user to set the policy for this whether or not to allow modifications to certain files.
 

“Your most unhappy customers are your greatest source of learning.”

0
Login to vote
Bijay.Swain's picture

If a user is trying to install some software which is accessing explorer.exe and svchost.exe then user should have controll to go ahead or not.

0
Login to vote
mon_raralio's picture

If that was the case, what would prevent the users from installing games and cracked softwares which may do something to the explorer.exe or some other Windows executables with or without their knowledge.

What you might need is the option to have special priveledge access for installation purposes. :D

“Your most unhappy customers are your greatest source of learning.”

0
Login to vote