Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Application and Device Control status?

  • 1.  Application and Device Control status?

    Posted Sep 04, 2009 11:00 AM
    I'm in the process of testing my application and device control policys in my environment.  Everything is working as expected thus far but, I have a quick (hopefully) question. 

    How does one go about confirming that an endpoint has application and device control enabled?  Either by running a report from the SEPM on the monitors tab or locally at the machine? 

    The reason I ask is I know that when we put this piece of SEP in play, management will ask for how many machines have it and how many don't (reporting for management as usual).


  • 2.  RE: Application and Device Control status?

    Posted Sep 04, 2009 11:17 AM
    Click on monitor - logs
    select application and device control
    view the log
    this should give you the systems with application /device ( you have 2 options to select)

    let me know if you have any further questions :)

    happy weekend :)



  • 3.  RE: Application and Device Control status?

    Posted Sep 04, 2009 11:22 AM
    This only gives events.  Not a list of machines that have it enabled.


  • 4.  RE: Application and Device Control status?
    Best Answer

    Posted Sep 04, 2009 01:55 PM
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysPlant  (is sysplant is there that means it is installed )
    Start =1 --Enabled
    Start= 4--Disabled




  • 5.  RE: Application and Device Control status?

    Posted Sep 07, 2009 07:14 AM
     Great stuff Vikram Kumar;  Do you know where I could find some more useful info about what SEP adds to the registry?


  • 6.  RE: Application and Device Control status?

    Posted Sep 07, 2009 07:21 AM
    What info are you looking for ?


  • 7.  RE: Application and Device Control status?

    Posted Sep 07, 2009 07:25 AM
     More of an overview. I was wondering if a document or similar exists where you can see what SEP settings in the registry you can
    a) change
    b) what they mean
    c) Like a reg key cookbook for SEP 

    For instance where did you find registry information to the answer above?

    :)


  • 8.  RE: Application and Device Control status?

    Posted Sep 07, 2009 08:35 AM
    I am also looking for that....

    I always used to play with registry in SAV.

    Wherever i get the info i am adding it to my collection. If all the info is available in one place it will be very handy for administrators




  • 9.  RE: Application and Device Control status?

    Posted Sep 07, 2009 10:50 AM
     SAV was filled with Registry tweaks 80% of SAV troubleshooting was registry based...but in SEP you cannot play around with Registry...coa the next heartbeat will reset it all..still I can create a article as to what means what..


  • 10.  RE: Application and Device Control status?

    Posted Sep 08, 2009 04:16 AM
     Yes that would be nice.

    Even if you cannot change the registry it would be nice to interpret what the settings means.

    It would be good for troubleshooting purposes.


  • 11.  RE: Application and Device Control status?

    Posted Sep 09, 2009 02:04 PM
     Maxmillan & Shp
    I have written a article on registry tweaks the ones i could remember off my head ...hope this helps.
    https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-few-registry-tweaks


  • 12.  RE: Application and Device Control status?

    Posted Sep 11, 2009 07:10 AM
    Thanks Vikram...