
Application Isolation best practices for Endpoint Security


Article ID: 175998


Updated On:

Products

Endpoint Protection, Endpoint Security Complete

Issue/Introduction

Learn the best practices for Application Isolation when using the Symantec Security (formerly Endpoint Protection 15) Cloud platform.

Resolution

Symantec Endpoint Application Isolation offers hardening capabilities for:

  • Known good applications - Includes mostly trusted applications in an enterprise environment such as browsers, office applications, and PDF viewers.
  • Executables - Any other file or application beyond known good applications that are allowed to run in your environment.
  • Operating System (OS) - Components of the Windows operating system.

The applications and OS can be hardened against undesired behaviors of file or process execution, network connections, and registry changes.

Use the following best practices for initial and on-going deployments of Symantec Endpoint Application Isolation. 

The following table describes the best practices and their tasks:

Deployment
  • Defining goals for your Application Isolation deployment.
  • Identifying the policies that you need for Application Isolation.
  • Deploying a pilot rollout of Symantec Endpoint Application Isolation.
  • Planned phases for deploying policies.

Using policies with Application Isolation
  • When to use MEN policies with Application Isolation?
  • Using isolation levels.

Specific deployment use cases
  • Configuring settings for Office isolation use cases.

Gaining visibility into events
  • Viewing isolation violations and trends
  • Application Isolation dashboard
  • Using Discovered Items
  • Events overview

Event running and reporting
  • How to examine Application Isolation events and tune policies.
  • Typical Event view queries for specific Application Isolation violations.
  • How to tune an Application Isolation process access event.
  • How to tune an Application Isolation file detection event or registry detection event.
  • How to tune a network detection event.
  • Reviewing and acting on Application Isolation exception requests.
  • Running Application Isolation reports.

Agent FAQ
  • Troubleshooting Symantec Endpoint Application Isolation issues.

Policy reference
  • Rule fields in isolation policies.
  • Using optional modifiers in Application Isolation policies.
  • How to specify command-line arguments when you create rules in Application Isolation policies.
  • Application Isolation global internal rules.
  • OS security settings in the platform Isolation policy.
  • Using OS security settings to harden your environment.

For an overview and quick setup steps, see Getting started with Symantec Endpoint Application Isolation. 

Supported operating systems

Application Isolation is supported on Windows devices only.

  • Windows 7 (64-bit only)
  • Windows 8 (64-bit only)
  • Windows 10 (64-bit only)