SEE Device Control: certain executable files cannot be blocked

Article ID: 159278

Products

Symantec Products

Issue/Introduction

Even when the policy is set to block executable files, you can still run them from a removable device.

Resolution

By design, the SEE-DC policy supports Read/Write control for different file types. That means copying specific file types between the computer and a specific storage device is not allowed. SEE DC doesn't block the “executable” functionality of any file, but if the executable file makes a Read or Write call to itself while executing, then it gets blocked by SEE DC as per policy.

In this case, when we run the executable file, no call is made internally that tries to read the file itself. The request therefore never reaches SEE DC’s file system filter driver, and the file executes successfully.