Endpoint Protection Application and Device Control Policies explained
Last Updated May 23, 2019
This document provides detailed information on settings available the Application and Device Control (ADC) policy for Symantec Endpoint Protection (SEP).
Application Control rule sets list
Use this page to view and manage Application Control (AC) rule sets for the selected Application and Device Control Policy. An application control rule set contains the rule conditions that monitor for specified files, folders, and processes. You can create or modify collections of rules for the selected policy.
Application Control rule sets configuration options
Defines whether this rule set is in use. Disabled rule sets are not evaluated.
The name of the rule set. A single policy can contain multiple rule sets.
Defines whether this collection of rules is in Test (log only) mode or in Production mode. Rule sets in Test mode will not block, but will log events based on the configuration of the rules.
The SEPM comes with several AC rule sets that can be used as templates to secure an environment against certain types of threats. The rule sets available will depend on which version of SEPM is installed.
Add Application Control rule set
Use this dialog to configure options for a collection of rules in an Application Control policy. These rules make up the rule set.
You can add or delete devices to block or exclude from blocking.
Note The list in the Devices Excluded From Blocking table do NOT show all of the allowed devices. This list shows the exceptions to the Blocked Devices list.
Device blocking options
Group or option
The name of the device that is blocked or excluded from blocking. You can add or delete devices from this list.
The ID of the device that is blocked or excluded from blocking.
Log blocked devices
When this option is enabled, an entry is added to the security log whenever a device is blocked. This option is enabled by default.
Notify users when devices are blocked
When this option is enabled, a message is sent to clients that try to use devices that are not allowed by this policy. If you enable this option, you should click Specify Message Text to create the message. This option is disabled by default.
Imported Document ID: TECH104431
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe