How to create an Application Control exception or stop sysfer.dll injection into a process with SEP
Last Updated March 26, 2014
The Symantec Endpoint Protection (SEP) 12.1 Application Control feature relies on injection a DLL (sysfer.dll) into processes being launched on the machine. Some applications may be incompatible with this behavior. How can a particular process be excluded from Application Control monitoring with SEP?
Exception (or exclusion) policies can be created in the Symantec Endpoint Protection Manager (SEPM) under Policies - Exceptions.
With SEP 12.1 RU1 and earlier Application Control exceptions are created via: Add - Windows Exceptions - Application Control.
With later versions of the product Application Control exceptions are created via: Add - Windows Exceptions - File - then check the Application Control checkbox.
The older Symantec Endpoint Protection 11.0 version does not have the ability to exclude processes from Application Control.
To verify that the exception has worked the Microsoft Process Explorer tool can be used to check if the sysfer.dll file is loaded inside the process.
Imported Document ID: HOWTO95454
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe