You see the error "The handle is invalid." when attempting to launch a process that has been blocked using an Application and Device Control policy in Symantec Endpoint Protection (SEP) 11.0
This behavior is normal. This error is displayed by the Operating System, not by SEP, and is a result of the Application Control policy intercepting and blocking the attempt to launch the process.
The error may be different depending on which type of process is trying to launch the blocked executable - launching from a CMD console window may give the error "The system cannot execute the specified program", while launching from the Explorer GUI gives the "The handle is invalid." message.
The OS error message cannot be hidden or avoided. However a separate message can be configured in the SEPM manager console when editing the Application and Device Control (ADC) policy, where you can enter a customized text to explain further why certain applications are not allowed to launch.
To customize the message in the Symantec Endpoint Protection Manager (SEPM) console:
- Go to the Policies tab and select Application and Device Control.
- Select and Edit the relevant policy.
- When editing the policy, select Application Control to the left, and Edit on the particular rule performing the process launch block.
- When editing the rule, select the icon for the correct Process Launch Attempt item to the left, and select the Action tab to the right.
- Check the "Notify user" checkbox, and type in your custom message in the field below.
- Press OK, and OK again.