Endpoint Protection

  • 1.  Block all *.scr from running besides our company screen saver

    Posted Dec 17, 2015 10:39 AM

    Hi

    Is it possible to block all *.scr from running on all machines in the domain besides our company screen saver (with SEPM)?

    The SCR we are using is deployed using SCCM.

    A GPO then assigns the SCR file as the current screen saver.

    Thanks in advance.



  • 2.  RE: Block all *.scr from running besides our company screen saver

    Posted Dec 17, 2015 10:50 AM

    Can I maybe block all *.scr from executing and add our specific one from running?

    Thanks



  • 3.  RE: Block all *.scr from running besides our company screen saver

    Posted Dec 17, 2015 10:56 AM

    You can use the Application and Device Control policy to block it but allow certain ones if needed. You can go through this article:

    Blocking files using Application Device Control within the SEPM



  • 4.  RE: Block all *.scr from running besides our company screen saver

    Posted Dec 17, 2015 11:14 AM

    Here are the steps, taken from a Symantec security article:

    https://www-secure.symantec.com/connect/blogs/support-perspective-ctb-locker-and-other-forms-crypto-malware

    1. Log in to the Symantec Endpoint Protection Manager (SEPM).

    2. Click on Policies.

    3. Click on Application and Device Control.

    4. Under Tasks, click on Add an Application and Device Control Policy.

    5. On the top left click on Application Control.

    6. Click on the Add... button.

    7. Type a name for the Rule

    8. Click on the Add... button on the bottom right "Apply this rule to the Following processes".

    9. Make a separate entry for each browser's process that you want to disallow from downloading the file.
    Example: iexplore.exe or outlook.exe or chrome.exe

    10. Click Ok.

    11. Click on the Add... button on the bottom left under Rules.

    12. Select Add Condition.

    13. Select File and Folder Access Attempts.

    14. Click on the Add... button on the right next to "Apply this rule to the Following files and folders".

    15. On File or Folder Name to Match, type "*.extension". Example: " *.exe, *.scr "  (without quotes) 

    16. Click Ok.

    17. On the Actions tab, in Read Attempt and in Create, Delete, or Write Attempt, select "Block Access".

    Optional: You can check Notify User, for example "Downloading executable files is not permitted, contact the administrator".

    18. Click Ok.

    19. Set to Production.

    20. Click Ok.

    21. Click Yes to assign the policy.

    22. Check the boxes for any group that the policy should be applied to.

    23. Click OK.



  • 5.  RE: Block all *.scr from running besides our company screen saver

    Trusted Advisor
    Posted Dec 17, 2015 01:13 PM

    Hello,

    Please follow the steps - 

    To Block Access of Extension

    1. Log in to the SEPM console.
    2. Click Policies, and then click Application and Device Control under View Policies.
    3. Select the Application and Device Control policy which needs to be modified on the right-hand side.
    4. Click Edit the Policy under Tasks.
    5. In the pop-up window, click Application Control.
    6. Click the Add button.
    7. In the section “Apply this rule in the following process”, click on Add and enter the asterisk (*) sign. Then select OK.
    8. Now click on Add from the bottom.
    9. Click on Add Condition and select File and Folder Access Attempts.
    10. Under the File and Folder Access Attempts box, click on Add in the section “Apply this rule in the following process”.
    11. Enter the extension with the asterisk sign (e.g. *.mp3, *.scr).
    12. Then press OK.
    13. Go to the Action tab in “File and Folder Access Attempts”.
    14. Select Block Access in the “Read Attempt” and “Create, Delete or Write Attempt”.
    15. Select OK.
    16. Assign the policy to the required Groups.

    Regards,

     



  • 6.  RE: Block all *.scr from running besides our company screen saver

    Posted 23 days ago

    Hi, did you manage to block .scr file extension?