ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Endpoint Protection Application and Device Control Policies explained

book

Article ID: 151479

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document provides detailed information on settings available in the Application and Device Control (ADC) policy for Symantec Endpoint Protection (SEP).

Environment

Symantec Endpoint Protection Manager (SEPM)

Resolution

Application Control

Application Control rule sets list

Use this page to view and manage Application Control (AC) rule sets for the selected Application and Device Control Policy. An application control rule set contains the rule conditions that monitor specified files, folders, and processes. Create or modify a collection of rules for the selected policy.

Application Control rule sets configuration options

Option Description
Enabled Defines whether this rule set is in use. Disabled rule sets are not evaluated.
Rule Sets The name of the rule set. A single policy can contain multiple rule sets.
Test/Production

Defines whether this collection of rules is in Test (log only) mode or in Production mode. Rule sets in Test mode will not block, but will log events based on the configuration of the rules.

Note: The SEPM comes with several AC rule sets that can be used as templates to secure an environment against certain types of threats. The rule sets available will depend on which version of SEPM is installed.

Add Application Control rule set

Use this dialog to configure options for a collection of rules in an Application Control policy. These rules make up the rule set.

 

Device Control

Add or delete devices to block or exclude from blocking.

Note: The list in the Devices Excluded From Blocking table does NOT show all of the allowed devices. This list shows the exceptions to the Blocked Devices list.

Device blocking options

Group or option Description
Device Name The name of the device that is blocked or excluded from blocking. Add or delete devices from this list.
Identification The ID of the device that is blocked or excluded from blocking.
Log blocked devices When this option is enabled, an entry is added to the security log whenever a device is blocked. This option is enabled by default.
Notify users when devices are blocked When this option is enabled, a message is displayed on the client indicating when devices are blocked or unblocked. If this option is enabled, click Specify Message Text to create the message.
This option is disabled by default.

 

Additional Information

About Application and Device Control policies in Endpoint Protection

The structure of an Application Control and Device Control policy