Endpoint Protection Application and Device Control Policies explained

Article ID: 151479

Products

Endpoint Protection

Issue/Introduction

This document provides detailed information on the settings available in the Application and Device Control (ADC) policy for Symantec Endpoint Protection (SEP).

Resolution

Application Control

Application Control rule sets list

Use this page to view and manage Application Control (AC) rule sets for the selected Application and Device Control Policy. An application control rule set contains the rule conditions that monitor for specified files, folders, and processes. You can create or modify collections of rules for the selected policy.

Application Control rule sets configuration options

| Option | Description |
| --- | --- |
| Enabled | Defines whether this rule set is in use. Disabled rule sets are not evaluated. |
| Rule Sets | The name of the rule set. A single policy can contain multiple rule sets. |
| Test/Production | Defines whether this collection of rules is in Test (log only) mode or in Production mode. Rule sets in Test mode will not block, but will log events based on the configuration of the rules. |

The SEPM comes with several AC rule sets that can be used as templates to secure an environment against certain types of threats. The rule sets available will depend on which version of SEPM is installed.

Add Application Control rule set

Use this dialog to configure options for a collection of rules in an Application Control policy. These rules make up the rule set.

 

Device Control

You can add or delete devices to block or exclude from blocking.

Note: The list in the Devices Excluded From Blocking table does NOT show all of the allowed devices. This list shows the exceptions to the Blocked Devices list.

Device blocking options

| Group or option | Description |
| --- | --- |
| Device Name | The name of the device that is blocked or excluded from blocking. You can add or delete devices from this list. |
| Device ID | The ID of the device that is blocked or excluded from blocking. |
| Log blocked devices | When this option is enabled, an entry is added to the security log whenever a device is blocked. This option is enabled by default. |
| Notify users when devices are blocked | When this option is enabled, a message is sent to clients that try to use devices that are not allowed by this policy. If you enable this option, you should click Specify Message Text to create the message. This option is disabled by default. |