Endpoint Protection

  • 1.  Detection by digital signature publisher

    Posted Aug 20, 2018 04:37 PM

    I want to block or ban or clean a file based on digital signature publisher. Mindspark Interactive Network, Inc. is a greyware whack-a-mole that hash banning just won't take care of. I need SEP to interrogate the file, and upon seeing the digital signature publisher equals Mindspark Interactive Network, Inc., remove the file or clean it or delete it or quarantine it. Any help on this would be greatly appreciated.

     

    Thanks,

    Rogue



  • 2.  RE: Detection by digital signature publisher

    Posted Aug 20, 2018 05:21 PM

    On-prem SEPM or the 14.x cloud portal does not offer this ability. Basically, limited to what you already mentioned, hash blocking.



  • 3.  RE: Detection by digital signature publisher

    Posted Aug 21, 2018 03:35 AM

    Critical Systems Protection (https://www.symantec.com/products/embedded-security), or Data Center Security: Server Advanced (https://www.symantec.com/products/data-center-security, or whatever you want to call it) has the function to identify executables by cert publisher, which you can then use to tell it to block access to said files.

    It doesn't delete or quarantine though, just blocks access.

    It's too bad SEP's ability to apply exceptions by certificate publisher doesn't allow you to change the action like it does for the Application Exceptions. Perhaps raise this as an idea?
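
Added example, not part of the original thread and not Symantec code: a read-only PowerShell audit that lists files whose Authenticode signer name matches the publisher named in the first post, together with the signature status and SHA-256 of each file. The scan root, the file extensions and the function name `Get-SignerCommonName` are assumptions made for illustration.

```powershell
# Added example: inventory files by Authenticode publisher (read-only, deletes nothing).
param(
    [string]$Root = 'C:\Users',                                  # assumed scan root
    [string]$Publisher = 'Mindspark Interactive Network, Inc.'   # publisher named in the thread
)

function Get-SignerCommonName {
    # Hypothetical helper: returns the subject's simple name (normally the CN),
    # which is what Windows shows as the publisher of a signed file.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
}

Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

        # Unsigned files carry no signer certificate and cannot match a publisher.
        if ($null -eq $sig.SignerCertificate) { return }

        # Exact, case-insensitive match on the publisher name.
        $name = Get-SignerCommonName $sig.SignerCertificate
        if ($name -ne $Publisher) { return }

        # Status is kept in the output: 'Valid' means the chain and file hash verified;
        # any other value (HashMismatch, NotTrusted, ...) needs a manual look, because
        # the name alone does not prove who signed the file.
        [pscustomobject]@{
            Path       = $_.FullName
            Publisher  = $name
            Status     = $sig.Status
            Thumbprint = $sig.SignerCertificate.Thumbprint
            SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
```

The signer certificate thumbprint stays the same across every file signed with that certificate, so it is a more stable grouping key than the per-file hash when the same publisher keeps shipping new builds.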