Is it possible to Block all *.scr from running on all machines in domain besides our company screen saver ? (With SEPM).
SCR we are using is deployed using SCCM.
GPO then assigns the SCR file to current screen saver.
Thanks in adavnce.
can i maybe block all *.scr from executing and add our specific one form running ?
You can use the application and device control policy to block it but allow certain ones if needed. You can go thru this article:
Blocking files using Application Device Control within the SEPM
Here are the steps took it from Symantec security article
1. Log in to the Symantec Endpoint Protection Manager (SEPM).
2. Click on Policies.
3. Click on Application and Device Control.
4. Under Tasks, click on Add an Application and Device Control Policy.
5. On the top left click on Application Control.
6. Click on the Add... button.
7. Type a name for the Rule
8. Click on the Add... button on the bottom right "Apply this rule to the Following processes".
9. Make a seperate entry for each browsers process that you want to disallow the download the file.
Example: iexplore.exe or outlook.exe or chrome.exe
10. Click Ok.
11. Click on the Add... button on the bottom left under Rules.
12. Select Add Condition.
13. Select File and Folder Access Attempts.
14. Click on the Add... button on the right next to "Apply this rule to the Following files and folders".
15. On File or Folder Name to Match, type "*.extension". Example: " *.exe, *.scr " (without quotes)
16. Click Ok.
17 . On Actions Tab in Read Attempt and Create, Delete, or Write Attempt select "Block Access"
Optional: Can you Check Notify User for example "Is not permitted download executable files, contact the administrator"
17 . Set to Production
18. Click Ok.
18. Click Yes to assign the policy.
19. Check the boxes for any group that the policy should be applied to.
20. Click OK.
Please follow the steps -
To Block Access of Extension
Hi, did you manage to block .scr file extension?