How do you block a file using Application Device Control? Does Application Device Control use wildcards?
You can add process definitions to Application Device Control rulesets which utilize wildcards.
Process Definition Table from the Symantec Endpoint Protection Manager Help:
Group or Option
|
Description
|
|
You can use environment variables, wildcards, and registry keys. Environment variables are useful when you have the clients that may be running various versions of Windows operating systems. For example, %windir%\calc.exe matches any path to the calc.exe application. The following options are available: · Use wildcard matching (* and ?supported) · Use regular expression matching · Only match processes running from the following drive type
For the latest information, see the Symantec Knowledge Base document: After setting up an Application and Device Control policy to block CD writing, CD writing is not blocked as expected, and write attempt is not logged (document 2008042510214848).
If you do not want to type a device ID type, you can click Select to select a device from the device list. The device list contains the device instance name and the device instance ID. Note: An application may have more than one process. You might need to add multiple processes if you want to block or allow a particular application. |
|
A file fingerprint is a checksum of an executable or DLL on a client computer. You can run a utility to generate a file fingerprint list and import this list into the console. |
|
The following options are available: · Match exactly |