It is highly recommended that you test this solution in a lab network before you apply it to the production network.
- Navigate to the Clients tab in the Symantec Endpoint Protection Manager (SEPM) console.
- Select the correct Client Group and the Policies tab.
- On Communications Settings, check Learn applications that run on the client computers.
- Click Network Application Monitoring and tick the box to enable.
- Select Ask, Block, or Allow for the "When an application change is detected" setting.
- Click OK.
- On Network Application Monitoring, click on Add from... to search for learned applications.
- Define the Group and Search Criteria in the Search Applications screen.
- Check whether the application that you want is listed in Query Results. If not, restart the client computer and try again.
- If the application appears in the results, go to Firewall Policy.
- On Rules, click on Add Rule....
- Click Next on the Welcome screen.
- Select Application on the Rule Type screen.
- On Specific Application Information, select Get applications from the learned applications list and then click Next.
- The filter is optional. If you do not want to configure a filter, click Next.
- On Select Learned Applications, select the application that you want to block.
- When you click on Finish, you can see the new firewall rule in the list.
- To block the application in the new rule, right-click the Action column and then select Block.
TIP: To verify that the firewall rule is working correctly, right-click the Logging column and enable logging. The records will appear in the client logs.
File fingerprints and other extra application information do not work in Symantec Endpoint Protection firewall rules.