search cancel

[USER_PROFILE] Prefix for Application Control Exceptions are ignored by Windows 10 Clients

book

Article ID: 173146

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

On Windows 10, an application launched from a Windows user's profile directory such as C:\Users\Firstname_Lastname\AppData\MyApplication.exe does not work as expected when Symantec Endpoint Protection (SEP) is installed with  Application Control enabled. The application may appear to hang or freeze for some period of time.

You create and apply an Exception Policy for Application Control using the optional predefined prefix [USER_PROFILE], but that does not resolve the issue.

An Exception Policy for Application Control without the [USER_PROFILE] prefix, but with the absolute path such as C:\Users\Firstname_Lastname\AppData\MyApplication.exe does resolve the issue.

Environment

This only affects Windows 10 Clients and was fixed in 14.2 RU1

 SEP prefix exceptions for Application Control do not work as expected on Windows 10. The [USER_PROFILE] Prefix Application Control Exception policy works as expected on Windows 7, Server 2008R2, Server 2012R2 and Server 2016 clients. 

Resolution

Symantec is aware and currently investigating this issue.  This document will be updated when more information is available.

Possible workarounds:

  • Use the absolute path to the user's profile directory if possible:
    • For example: C:\Users\Firstname_Lastname\AppData\MyApplication.exe
  • Or
  • Use the executable file name only without any prefix or path:
    • For example: MyApplication.exe