NEW! W32.Stuxnet protection
Application Control rule to block Stuxnet infections.
This policy monitors '.lnk' files being READ by all processes on the following:
* Removable drives
* CD/DVD drive
* Network drives
* RAM drives
Create, write and delete operations are allowed but logged.
The following process may read lnk files
On blocking action, the user is alerted with the following message:
See 'Vulnerability in Windows Shell Could Allow Remote Code Execution' (see Microsoft Security Advisory 2286198 for further information).
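The drive classes this rule covers correspond to the .NET System.IO.DriveType values Removable, CDRom, Network and Ram. The PowerShell audit below is an added example, not part of the Symantec policy or the original page: it lists the .lnk files present on those drive types so an administrator can see what the rule would apply to. The function names are illustrative.

```powershell
# Added example: inventory .lnk files on the drive classes the rule monitors.
# It only enumerates directory entries (name, size, timestamp); it does not
# open, parse or resolve any shortcut file.

# .NET DriveType values matching the list above:
# removable drives, CD/DVD drive, network drives, RAM drives.
$monitoredTypes = @(
    [System.IO.DriveType]::Removable,
    [System.IO.DriveType]::CDRom,
    [System.IO.DriveType]::Network,
    [System.IO.DriveType]::Ram
)

function Get-MonitoredDrive {
    # Skip drives that are not ready (for example, an empty CD/DVD tray).
    [System.IO.DriveInfo]::GetDrives() |
        Where-Object { $monitoredTypes -contains $_.DriveType -and $_.IsReady }
}

function Get-ShortcutInventory {
    param([Parameter(Mandatory)][System.IO.DriveInfo[]]$Drive)

    foreach ($d in $Drive) {
        # -Force includes hidden and system files; access errors are skipped.
        Get-ChildItem -LiteralPath $d.RootDirectory.FullName -Filter '*.lnk' `
                      -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Drive        = $d.Name
                    DriveType    = $d.DriveType
                    Path         = $_.FullName
                    SizeBytes    = $_.Length
                    LastWriteUtc = $_.LastWriteTimeUtc
                }
            }
    }
}

$drives = @(Get-MonitoredDrive)
if ($drives.Count -eq 0) {
    Write-Output 'No ready removable, CD/DVD, network or RAM drives found.'
} else {
    Get-ShortcutInventory -Drive $drives |
        Sort-Object Drive, Path |
        Format-Table -AutoSize
}
```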
Examples of what Application Control can do
Block Attacks from removable drives
Network worms take advantage of USB and other types of removable drives. Application Control can be used to block this attack vector while still allowing an organization to use removable media like USB drives.
Prevent unknown PDF attacks
Web-based attacks often hide inside PDF files. An Application Control rule can easily stop known and unknown attacks that hide in PDF files by preventing Acrobat and Acrobat Reader from writing code to a machine.
Prevent registration of new browser helper objects.
Browser Helper Objects, also known as BHOs, are commonly used by threats to spy on or interfere with web browsing. If your organization does not allow BHOs or has a pre-installed set of allowed BHOs, you can block all unwanted BHOs.
These and other rule sets, created for Symantec Endpoint Protection clients, can be downloaded from here:
Creating an Application and Device Control Policy http://seer.entsupport.symantec.com/docs/331049.htm
Using Application and Device Control to stop registry entries added by a threat or risk http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/07dcfaf99d61c063882575fa00705603?OpenDocument
How to use Application and Device Control to limit the spread of a threat http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5b5f6319ba48fda5882575990075e260?OpenDocument
How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d160be4b9941c53c88257674005536a3?OpenDocument
Merging Application and Device Control Policies http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010051009222048