This document provides detailed information on the settings available in the Application and Device Control (ADC) policy for Symantec Endpoint Protection (SEP).
Use this page to view and manage application control rule sets for the selected Application and Device Control Policy. An application control rule set contains the rule conditions that monitor for specified files, folders, and processes. You can create or modify collections of rules for the selected policy.
Table 1: Application Control Rule Sets shows the hardware device protection rules list.
|Option|Description|
|---|---|
|Enabled|Shows whether this collection of rules is in use or not. Uncheck this option to disable the corresponding rule set in the policy.|
|Rule Sets|The name of a collection of rules for this policy. You can have multiple collections of rules in one policy.|
|Test/Production|Whether this collection of rules is in Test (log only) mode or in Production mode. Test mode lets you apply this collection of rules to devices without modifying the behavior of those devices. You can then examine the generated log. When you first create a collection of rules for a policy, the mode is Test (log only). To change the mode to Production, under Test/Production for the collection of rules that you want to change, select Production from the drop-down menu.|
Symantec Endpoint Protection Manager contains four default Application Control Rule Sets.
Default Application Control Rule Sets:
- Make all removable drives read-only
- Block programs from running on removable drives
- Block applications from running
- Protect client files and registry keys
You can add or delete devices to block or exclude from blocking.
Note! The list in the Devices Excluded From Blocking table does NOT show all of the allowed devices. This list shows the exceptions to the Blocked Devices list.
Table 2: Device blocking options describes the device blocking options.
|Group or option|Description|
|---|---|
|Device Name|The name of the device that is blocked or excluded from blocking. You can add or delete devices from this list.|
|Device ID|The ID of the device that is blocked or excluded from blocking.|
|Log blocked devices|When this option is enabled, an entry is added to the security log whenever a device is blocked. This option is enabled by default.|
|Notify users when devices are blocked|When this option is enabled, a message is sent to clients that try to use devices that are not allowed by this policy. If you enable this option, you should click Specify Message Text to create the message. This option is disabled by default.|