SEE Device Control: some certain executable files cannot be blocked


Article ID: 159278


Updated On:


Symantec Products


Even the policy is set to block Executable files, but you can still run it from a removable device.


As per design, SEE-DC Policy supports Read\Write control for different file types. That means copying specific file types is not allowed to\from computer to
specific Storage device. SEE DC doesn't block “executable” functionality of any file but while executing if that executable file is making Read or Write call
to itself
then it gets blocked by SEE DC as per policy.

In this case, when we run the executable file, internally no call gets executed which tries to read the file itself and hence that request never comes to SEE DC’s
file system filter driver resulting the file executes  successfully.