Endpoint Protection

 View Only
  • 1.  Disable Net commands with Symantec Endpoint Protection

    Posted Oct 09, 2016 07:13 AM

    Dear all,

    I need to know that can we disable/block users to run Net commands with Symantec Endpoint Protection. Examples of some net commands are below. Your support is highly appreciated in this regard. Thanks 

     

      NET START [service]
          NET STOP [service]
          NET PAUSE [service]
          NET CONTINUE [service] 
       


  • 2.  RE: Disable Net commands with Symantec Endpoint Protection

    Posted Oct 09, 2016 08:03 AM

    not that I am aware of as this is a windows command. anyhow these commands will only work for administrator. also I would recommend you to password protect smc service so that even if the user tries to stop the services he'll be prompted to enter the password.

     

    Password-protecting the client



  • 3.  RE: Disable Net commands with Symantec Endpoint Protection

    Posted Oct 09, 2016 08:07 AM

    the goal is to prevent/block users from using net commands.

    Also do we have a policy to block Macros with SEP?

    Thanks in advance.



  • 4.  RE: Disable Net commands with Symantec Endpoint Protection

    Posted Oct 10, 2016 07:51 AM

    There's nothing specific to prevent users from launching commands, but it should be simple enough to do.  Just block file access or application launch to the below 'net' executables:

    C:\Windows\System32\net.exe

    C:\Windows\System32\net1.exe

    A simple way would be to take the inbuilt "Block applications from running [AC1]" rule and add the above path(s) into the "[AC1-1.1] Block these applications" sections list of application exe's.

    Just be aware that SEP's going to try to block any and all access/execution to/of those files, not just for users but system processes too.  So test thoroughly, make sure this is what you want, and add exceptions where necessary.