You want to protect a file (or multiple files) from being written to or renamed. This can be done using the Application and Device Control policy of Symantec Endpoint Protection using the following steps.
In the Symantec Endpoint Protection Manager, go to the Policies > Application and Device Control policy section. Right click on the Application and Device Control policy andselect Edit...
Once the policy editor opens, select Application Control thenclick Add...
Under the properties for Rule 1, under "Apply this rule to the following processes", select Add
In the process name to match, type * (asterisk), then click OK
Under "Do not apply this rule to the following processes", use the same process as steps 3-4 to add any processes you want to exclude from this rule (eg. Add processes here that you want to be able to write to these files)
Right click the rule, select Add Condition > File and Folder Access Attempts.
Under the properties for "File and Folder Access Attempts", under "Apply this rule to the following processes", select Add
In the process name to match, type the full path to the file (wildcards can be used here), then click OK Repeat steps 7-8 for all files that need protection
For "File and Folder Access Attempts", select the Actions tab, thenselect Block access for"Create, Delete, or Write Attempt". Set logging here if needed.
Click OK to save the rule set
Ensure the rule set is enabled and set to be used in Production, then clickOK to save the policy
Assign the Application and Device control policy to the groups you want to protect. Once the client checks in and gets the policy it should now protect those files. If Application and Device control was disabled previously the client may prompt for a reboot.
Imported Document ID: HOWTO56233
Subscribing will provide email updates when this Article is updated. Login is required.