All,
It was great being able to talk about some of the unique ways we use application and device control (ADC) to help secure our endpoints. Attached is a sanitized version of our lockdown policy, which most users have. This policy effectively locks down all storage media from reading/writing/executing and also has a few nifty application hardening policies: things that can help you monitor if users are adding scheduled tasks or changing critical operating system files or registry keys. All rules are set to test mode to prevent accidents. Apply them to test machines - tweak to your environment - and test carefully before enabling.
Another great set of ADC policies for reference is hosted at https://www.symantec.com/connect/blogs/defeat-powerware-using-sep-application-control-policies
From our Chicago Security / Midwest DLP User Group meeting on 9/21/16 at Wildfire in Schaumburg, IL.