Endpoint Protection

  • 1.  blocking command.com

    Posted Mar 24, 2010 05:47 AM

    Hello,

    Excuse me for my poor English.

    Is there a way to block command.com via the SEP manager?

    Thank you




  • 2.  RE: blocking command.com

    Posted Mar 24, 2010 05:55 AM



  • 3.  RE: blocking command.com

    Posted Mar 24, 2010 06:04 AM


  • 4.  RE: blocking command.com

    Posted Mar 24, 2010 06:24 AM
    Follow the steps to block cmd.exe


    Open the Symantec Endpoint Protection Manager.

    Select the Policies tab from the left side.

    Select Application and Device Control from under the View Policies menu.

    Select Add and Application and Device Control from under the Tasks menu.

    A new window will open.

    Select Application Control from under the Application and Device Control menu on the left side.

    Select Add; a new window will appear.

    Select Add next to the field labeled Apply this rule to the following process.

    Within the box, type *.

    Leave all other settings the same. Click OK.

    On the left side there will be a box labeled Rules. Within it, you should see the rule listed you are working with.

    Right click the rule and select Add Condition.

    Select Launch Process Attempts; a new window will open.

    Select Add next to the field labeled Apply this rule to the following process.

    Within the box, type <process name>.exe. This will be the exact name of the executable that is going to be blocked.

    From the same window, select the Actions tab from the top middle.

    From within the Launch Process Attempt box select Block access.

    Select OK.

    Select OK again from the Application Control screen.

    If you have not assigned your policy to a group, a new window will pop up asking you to do so. Please select all groups that apply.

    If you would like to double check what groups the policy is assigned to, or would like to change what groups it applies to, Right Click the policy under the Application and Device Control Policies window.

    Select Assign.

    From the new window select all groups that apply.



  • 5.  RE: blocking command.com

    Posted Mar 24, 2010 07:21 AM

    Thank you for your answers but this doesn't work. It works for cmd.exe but not for command.com.

    Any ideas?




  • 6.  RE: blocking command.com

    Posted Mar 24, 2010 07:29 AM
    Did you specify the name as command.com only?


  • 7.  RE: blocking command.com

    Posted Mar 24, 2010 08:56 AM
    I have tried:

    - command.com
    - and with the path: C:\WINDOWS\system32\command.com

    but it doesn't work.

    Thank you for your reply




  • 8.  RE: blocking command.com

    Posted Mar 25, 2010 03:58 AM
    Block it by using the fingerprint. This article can help you with this.
    Block Software By Fingerprint


  • 9.  RE: blocking command.com

    Posted Mar 25, 2010 06:28 AM
    Hello AravindKM,

    Thank you for your reply.

    I have tried to block it by using the fingerprint, but the result file is empty for command.com. It works for cmd.exe etc., but it doesn't work for command.com.




  • 10.  RE: blocking command.com

    Posted Mar 25, 2010 06:54 AM
    You can also find some online sites for finding out the fingerprint of this file.


  • 11.  RE: blocking command.com

    Posted Mar 25, 2010 08:06 AM
    Not a Symantec way, but you can do this via Group Policy:

    http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html

    Should be able to do it by hash, so even if a user tries to rename it or run it from a floppy, it will still be blocked. Hopefully you have Active Directory, or this will need to be set on each machine, or if you use something like Ghost to image computers, you can set it on your image.
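
Added example, not part of the thread and not Symantec or Microsoft code: a small audit script contrasting a name-based rule with a hash-based rule, the distinction raised in the last reply. The file contents, directory layout and the use of SHA-256 are constructed assumptions for illustration; it is not how SEP or Software Restriction Policies compute their fingerprints.

```python
import hashlib
import os
import tempfile

def file_hash(path, algo="sha256"):
    """Hash file contents in chunks; the file name plays no part."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def match_by_name(root, blocked_names):
    """Name rule: flag files whose base name is listed (case-insensitive)."""
    blocked = {n.lower() for n in blocked_names}
    return sorted(os.path.join(d, n) for d, _, names in os.walk(root)
                  for n in names if n.lower() in blocked)

def match_by_hash(root, blocked_hashes):
    """Hash rule: flag files whose contents are listed, whatever the name."""
    hits = []
    for d, _, names in os.walk(root):
        for n in names:
            p = os.path.join(d, n)
            try:
                if file_hash(p) in blocked_hashes:
                    hits.append(p)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return sorted(hits)

def demo():
    """Build a constructed tree; return (name_hits, hash_hits) as relative paths."""
    with tempfile.TemporaryDirectory() as root:
        payload = b"constructed stand-in for command.com contents"
        files = {"system32/command.com": payload,
                 "temp/notes.com": payload,        # renamed copy, same bytes
                 "temp/readme.txt": b"unrelated"}
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        blocked = {hashlib.sha256(payload).hexdigest()}
        rel = lambda ps: [os.path.relpath(p, root).replace(os.sep, "/") for p in ps]
        return (rel(match_by_name(root, ["command.com"])),
                rel(match_by_hash(root, blocked)))

if __name__ == "__main__":
    print(demo())
```

The name rule reports only the original path, while the hash rule also reports the renamed copy.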