Learn how to use Application and Device Control in Symantec Endpoint Protection to block or log unauthorized software usage.
SEP block software by hash
Software may include peer-to-peer (P2P) applications, media players, instant messengers, image burning software, games, proxies, and other programs.
The most common method for blocking unauthorized software is to block the primary program executable. To ensure that the correct file is blocked, Symantec recommends that you calculate an MD5 hash of the file.
Note: When an update for a program is available and its executable is modified, you need to create and add a new MD5 hash. Hashes are necessary for all versions of the executable that may be in use.
Use one of the following methods to generate an MD5 hash:
Note: Some of these tools are 32-bit applications. Due to Windows file system redirection on 64-bit operating systems, some unexpected behavior can occur.
If an application such as notepad.exe is present in both of the following folders, each file has a different hash value. Symantec recommends that you add both hash values to the policy.
Note: Some MD5 hash tools may provide hash values of files in the C:\Windows\SysWOW64\ folder, even though you request values for files in the C:\Windows\System32\ folder. Symantec’s checksum.exe tool (recommended) generates hash values for the exact file path requested.
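The redirection problem described above, as an added PowerShell example (not Symantec's tooling and not from the original article): it hashes both copies of notepad.exe with the built-in Get-FileHash cmdlet instead of checksum.exe, and reads the real System32 folder through the Sysnative alias when the shell is a 32-bit process. SHA-256 is reported alongside MD5 for clients that accept it; the variable names are assumptions made for this example.

```powershell
# Added example: hash every on-disk copy of a system executable for an ADC rule.
$FileName = 'notepad.exe'   # the page's own example file
$winDir   = $env:windir

$is64OS     = [Environment]::Is64BitOperatingSystem
# A 32-bit process on 64-bit Windows sees System32 redirected to SysWOW64.
$redirected = $is64OS -and -not [Environment]::Is64BitProcess
# Sysnative is an alias visible only to 32-bit processes; it reaches the real System32.
$nativeDir  = if ($redirected) { 'Sysnative' } else { 'System32' }

$targets = [ordered]@{ 'System32' = Join-Path $winDir "$nativeDir\$FileName" }
if ($is64OS) { $targets['SysWOW64'] = Join-Path $winDir "SysWOW64\$FileName" }

$results = @(foreach ($label in $targets.Keys) {
    $path = $targets[$label]
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "$label copy not found: $path"
        continue
    }
    [pscustomobject]@{
        Copy   = $label
        Path   = $path
        MD5    = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
        SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
})

# The page says the two copies hash differently; matching values suggest
# that one of the reads was redirected to the other folder.
if ($results.Count -eq 2 -and $results[0].MD5 -eq $results[1].MD5) {
    Write-Warning 'Both copies returned the same MD5; check for file system redirection.'
}
$results | Format-List
```

Run it again after each application update and keep the hashes of older versions that are still deployed in the policy.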
Application and Device Control
Administrators may create policies to block specific software using Application and Device Control (ADC) in SEP. ADC can block threats for which virus definitions are not yet available, and can be used to prevent the unwanted use of legitimate applications (Grayware/PUAs).
Note: SHA-256 hashes are also supported on SEP 14.3 RU1 and higher clients. Also, hash values cannot be uploaded in bulk to an ADC policy.