Endpoint Protection

Hello All,

Is there a way SEP can be configured to block all potentially unwanted programs/applications when initiated?

We are on SEP 12 currently, and are on the path of migration to SEP 14.

Please advise.
 

Best Regards,
Jimmy
=-=-=

Are you making the determination on what a PUA is in your environment? The AV component already has signatures to detect PUAs but obviously Symantec creates the signatures so it's based on what they put out. There is a default application control rule to block applications, you just need to add the name to the rule. Is this what you're looking for? http://www.symantec.com/docs/TECH97618

Hi,

Thank you for posting your query on Symantec community.

Actually SEP is by default configured to block all unwanted programs / applications inititated whether it's inhouse application or external application. 

Symantec has created a policy that can be import into the Symantec Endpoint Protection Manager (SEPM).  This policy is very powerful and offers significant zero day protection against new threats.  

Refer the below article: Hardening Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security

http://www.symantec.com/docs/TECH132337
 

Hi Jimmy,

Admins can chose the default action taken on PUAs in their environment.  The information in this article may be of interest:

All About Grayware
https://www-secure.symantec.com/connect/articles/all-about-grayware

Hi again Jimmy,

Just a ping to see if the information above has answered your query?  The thread is still marked "needs solution."