Endpoint Protection


blocking applications from all drives except the c:(system)drive

Migration User, Feb 16, 2010 12:38 AM

  • 1.  blocking applications from all drives except the c:(system)drive

    Posted Feb 12, 2010 07:37 AM

    Hello

    I want to block the applications of all drives, but not from the C: (system) drive. Is there a possibility to make the exclusion for the C: drive at once, so without making exception for all the (sub)directories? Regards, Jos



  • 2.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 12, 2010 08:07 AM

    hi,

    you can use application and device control policy to block it
    in the blocking option you will get an option to exclude drives,
    mention your c drive.
     



  • 3.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 12, 2010 08:11 AM

    You can use application control to block an application using the checksum of the application


    Title: 'How to configure Application Control in Symantec Endpoint Protection 11.0'
    Document ID: 2007092616264848
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007092616264848?Open&seg=ent
     



  • 4.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 12, 2010 08:31 AM
    Thanks.
    The problem is: I want to block all applications from the drives except C:, whatever the application may be. So I want to block all possible applications from whatever directory it will be.
    When I mention block applications on E:\*, only applications in the root of E: are blocked. So the question is: is there a possibility to block all applications (whatever that application may be) from every (sub)directory, whatever that directory may be, at 1 time.





  • 5.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 12, 2010 08:37 AM
    try this 

    e:\*.exe, check if that blocks sub-directory exe files...it should


  • 6.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 12, 2010 03:30 PM
     Rafeeq's answer should be correct to block a specific drive (such as E:). I am assuming you are trying to block external drives like thumb drives. If that is the case then you should check out this guide:

    How to block USB Thumb Drives and USB Hard Drives, but allow specific USB Drives in the Application and Device Control Policy in Symantec Endpoint Protection.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/b54beb2f46268ccc882574e80052960f?OpenDocument

    Cheers
    Grant



  • 7.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 12, 2010 11:47 PM
    Do you want to block all executables which will run from a USB drive?
    If yes refer below doc
    How to prevent programs from running by blocking the file extension types from removable drives. 


  • 8.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 15, 2010 09:29 AM
    Hello,
    Thanks for your answer. I've tried the following:
    e:\*  -  e:\*.exe  -   e:*    In all three options only the exe files in the root of the e-drive are blocked.
    I want to block all the exe files on the whole drive at once. Is there another way? Or what am I doing wrong??


  • 9.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 15, 2010 10:25 AM
    For such a simple-style block, I'd think about using the built-in feature of Windows to do this instead of SEP.  SEP's Application and Device Control works well, but the block you're wanting would probably be easier in Group Policy than in SEP.  Plus, then if your users or malware somehow disables SEP, the Group Policy block would still be in effect.

    This site covers it in detail, technet.microsoft.com/en-us/library/bb457006.aspx, but basically, you'd enable the Software Restriction Policy using a path rule and allow the C: drive.  Keep in mind, the Group Policy software restriction policy allows both blacklisting and whitelisting.  When whitelisting, you'll also need to allow any network-based paths that applications might run from (like logon scripts or software deployment shares).

    I'll leave it to other people here to talk about how to do this in SEP.


  • 10.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 16, 2010 12:01 AM
    Hi Jon,

    I just sent an email with a possible solution, but looking back at this thread again I think Aravind's answer above is the best to do what you are trying. Look into getting the device ID for the E: drive and block using the procedure he gave (in the link). If that doesn't work please come back and let us know.

    Thanks,
    Grant


  • 11.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 16, 2010 12:38 AM
    Try e:\*\*\*.exe  you can try. 


  • 12.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 16, 2010 01:05 AM
     That is funny because that is what I sent him in the email. I feel this is more of a hack though since you would have to make X number of rules where X is the depth of folders in which you would want to block the .exe. For instance:

    e:\*\*.exe
    e:\*\*\*.exe
    e:\*\*\*\*.exe
    .
    .
    .

    I think your other answer is better : ) , but it is still funny that we had the same thought using the e:\*\*.exe

    Cheers
    Grant
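
An added example, not part of the original thread and not SEP code: a small Python model of the matching behaviour reported above, assuming `*` never matches across a `\`. It generates the per-depth rule list from this post and reports which executables the list still misses; the function names and sample paths are constructed for illustration.

```python
import re

def rule_to_regex(rule):
    """Model of the behaviour reported in the thread (an assumption, not SEP's
    documented matcher): '*' matches any characters except the separator."""
    parts = [re.escape(p) for p in rule.split("*")]
    return re.compile(r"[^\\]*".join(parts) + r"\Z", re.IGNORECASE)

def depth_rules(drive, max_depth, ext="exe"):
    """One rule per folder depth: e:\\*.exe, e:\\*\\*.exe, e:\\*\\*\\*.exe, ..."""
    return [f"{drive}:\\" + "*\\" * d + f"*.{ext}" for d in range(max_depth + 1)]

def is_blocked(path, rules):
    return any(rule_to_regex(r).match(path) for r in rules)

def uncovered(paths, rules):
    """Executables that no rule in the list matches (the coverage gap)."""
    return [p for p in paths if not is_blocked(p, rules)]

def rules_needed(paths, drive, ext="exe"):
    """Number of per-depth rules required to cover every listed executable."""
    prefix, suffix = f"{drive}:\\".lower(), f".{ext}".lower()
    depths = [p.count("\\") - 1 for p in paths
              if p.lower().startswith(prefix) and p.lower().endswith(suffix)]
    return max(depths) + 1 if depths else 0

# Constructed sample inventory of executables found on the E: drive.
SAMPLE = [
    r"E:\setup.exe",
    r"E:\tools\run.exe",
    r"E:\a\b\c\deep.exe",
    r"E:\a\b\c\d\deeper.exe",
]

if __name__ == "__main__":
    rules = depth_rules("e", 3)
    print("rules:", *rules, sep="\n  ")
    print("still runnable:", uncovered(SAMPLE, rules))
    print("rules needed for full coverage:", rules_needed(SAMPLE, "e"))
```

Any executable one folder deeper than the last rule falls outside the list, which is why the rule count has to be sized against the deepest path that can exist on the drive.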


  • 13.  RE: blocking applications from all drives except the c:(system)drive

    Posted Feb 16, 2010 09:59 AM

    Thanks for your answer. It Works!!

    But now I have the last problem:

    We work with 2X thin clients!! And we want to use USB devices. But we also want to control the USB devices. Therefore we want to use SEP. The problem is that the 2X thin client is a small Linux OS with its own RDP software, which represents the USB devices as a system folder (\\tsclient\hotplug\sdb1). This folder does not reside on the local disks. Making a drive mapping to this folder is not possible.

    When we block *.exe on all drives and exclude the local drives for example c: and e:

    all files from drives other than c: and e: are blocked, but not the exe from the USB device (\\tsclient\hotplug\sdb1). Blocking *.exe on \\tsclient\hotplug\sdb1\*.exe has no effect.

    Do you have other suggestions??

    Thanks and regards Jos