How to create an Application Control exception or stop sysfer.dll injection into a process with SEP

book

Article ID: 181736

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution

The Symantec Endpoint Protection (SEP) Application Control feature relies on injection a DLL (sysfer.dll) into processes being launched on the machine. Some applications may be incompatible with this behavior. How can a particular process be excluded from Application Control monitoring with SEP?

Exception (or exclusion) policies can be created in the Symantec Endpoint Protection Manager (SEPM) under Policies - Exceptions.

With SEP 12.1 RU1 and earlier Application Control exceptions are created via: Add - Windows Exceptions - Application Control.

With later versions of the product  Application Control exceptions are created via: Add - Windows Exceptions - File - then check the Application Control checkbox.

 

 

The older Symantec Endpoint Protection 11.0 version does not have the ability to exclude processes from Application Control.

 

To verify that the exception has worked the Microsoft Process Explorer tool can be used to check if the sysfer.dll file is loaded inside the process.

 

Attachments