David,
Thanks for your response. Fingerprint or checksum is indeed another way, but that means that I need to keep track of every single version of a bad app out there -- something I want to avoid. I guess I want to know why SEP is not catching these threats via its antivirus or antimalware engine, because I think it should.
Dimitri
Instead of using Application Control to block the process by name, you could block the process by checksum. Here is a link to an article on Application Control:
Title: 'How to configure Application Control in Symantec Endpoint Protection 11.0'
Document ID: 2007092616264848
Web URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092616264848?Open&seg=ent
If you scroll down a little ways you will see where it starts to talk about blocking processes by checksum and how to use the checksum utility to collect this information.
Hope that helps!