Endpoint Protection

  • 1.  Blocking BHO's in windows browsers

    Posted Jun 08, 2017 10:38 AM

    Hi All, I hope this question makes sense. Can I block the .DLLs that are used for BHOs in browsers using the Application and Device Control in SEP 12.x?

    Thanks

    PaulC



  • 2.  RE: Blocking BHO's in windows browsers

    Posted Jun 08, 2017 10:43 AM

    Yes. The ADC policy has a default rule to do just this:

    [Image: Capture_193.JPG]

    Have a look and see if it works for you. You can edit it to fit your needs. You'll need to add a new file condition though in order to block DLLs.

    -Brian



  • 3.  RE: Blocking BHO's in windows browsers

    Posted Jun 08, 2017 11:09 AM
    Good suggestion Brian.


  • 4.  RE: Blocking BHO's in windows browsers

    Trusted Advisor
    Posted Jun 08, 2017 11:17 AM

    Hello PaulCab,

    Yes, you can block the .DLLs that are used for BHOs in browsers using the Application and Device Control in SEP 12.x.

    Here are the steps:

    How to block BHO’s using Application and Device Control 

    1. Log into Symantec Endpoint Protection Manager console
    2. Navigate to your Application and Device Control policy. (Log only as a test) (Production will test for block)
    3. In application control, add a rule set. "Block BHOs"
    4. Make it apply to all processes using the * in the upper dialog
    5. Under Rules click to Add and choose Add Condition
    6. Choose Registry Access Attempts
    7. Under Apply to the following registry keys click Add
    8. In Registry key add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\*
    9. Click OK
    10. In the Actions tab
    11. Set Read Attempt to "Continue processing other rules"
    12. Set Create, Delete, or Write Attempt to "Block access"
    13. Click the boxes for Enable Logging
    14. Click OK

    Check these Articles:

    How to create a rule that will block or log Browser Helper Objects in Symantec Endpoint Protection

    https://support.symantec.com/en_US/article.TECH94965.html

    Hardening Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security

    https://support.symantec.com/en_US/article.TECH132337.html

    How the Application and Device Control Hardening policy works

    https://support.symantec.com/en_US/article.TECH132307.html

    Regards,
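
An added example, not part of the thread or of Symantec's articles: before moving the rule above from log-only to block, this PowerShell inventory lists the BHOs already registered under the key from step 8 and the DLL each one loads, which is the path a file condition for DLLs would need. The function name `Get-BhoInventory` is hypothetical, and the WOW6432Node and `InprocServer32` locations are standard Windows registry paths that the thread does not mention; a 64-bit PowerShell session is assumed.

```powershell
# Added example: list registered BHOs and the DLL each CLSID loads.
# Get-BhoInventory is a hypothetical name; assumes 64-bit PowerShell.
function Get-BhoInventory {
    # Key from step 8, plus its 32-bit view on 64-bit Windows
    # (the WOW6432Node paths are an addition, not part of the thread).
    $views = @(
        @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            # Each subkey name under the BHO key is the CLSID of one BHO
            $clsid  = $key.PSChildName
            $server = '{0}\{1}\InprocServer32' -f $view.Clsid, $clsid
            $dll = $null
            $signature = 'n/a'
            if (Test-Path -LiteralPath $server) {
                # Default value of InprocServer32 is the DLL the browser loads
                $dll = [string](Get-Item -LiteralPath $server).GetValue('')
                $dll = $dll.Trim('"')
            }
            if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                # Signature status helps separate vendor BHOs from unknown ones
                $signature = (Get-AuthenticodeSignature -FilePath $dll).Status
            }
            [pscustomobject]@{
                Clsid     = $clsid
                View      = $view.Bho
                Dll       = $dll
                Signature = $signature
            }
        }
    }
}

Get-BhoInventory | Sort-Object Dll | Format-Table Clsid, Dll, Signature -AutoSize
```

Entries with an empty `Dll` column are CLSIDs registered as BHOs with no matching `InprocServer32` key in that registry view.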