SEP Manager Application Control

To block specific applications from running on a computer, follow these steps to create an Application Control policy.

ADVANTAGE: Even if the EXE file is renamed, SEP will still block it, because detection is based on the EXE's signature (its file hash) rather than its name.

DISADVANTAGE: The hash has to be obtained for each EXE file that you want to block.


Open Symantec Endpoint Protection Manager and go to Application and Device Control. Click Add an Application and Device Control.


Go to the Application Control tab. Click the Add button to add a custom application control.


In the left panel, go to Rule1, then edit the Rule Name to label the purpose of the rule. In this example, it is named Unapproved Browsers.


 

Right-click the newly created rule to add conditions, then select Launch Process Attempts. In this example, the conditions are named Explorer2Lite and TORBrowser.

Specify the processes that can call the EXE that you want to block. Windows Explorer is one good example, but in this example we'll include all EXEs in c:\windows\ to make sure that no default Windows process can call the application being blocked.


Click on one of your conditions. On the properties page for the condition, make sure that the Enable this condition check box is ticked. Below it is a box labeled Apply to the following processes. Click the Add button.


In the Add Process Definition window, select Match the fingerprint, then paste the MD5 hash (signature) of the EXE. You can use a free EXE hash generator downloadable from the Internet.

Click OK once done.


The new rule should now appear in the list of application controls. It must be enabled for it to be applied.
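
For the fingerprint step above, the MD5 can also be computed with PowerShell's built-in Get-FileHash cmdlet; this added example (not part of the original guide) groups the EXEs in a folder by hash to show that a renamed copy keeps the same fingerprint while a different build needs its own entry. The function name Get-ExeFingerprint, the demo folder and the file names are hypothetical, and the file contents are constructed placeholders rather than real executables.

```powershell
# Added example: list one MD5 fingerprint per distinct EXE in a folder.
# Get-ExeFingerprint is a hypothetical helper name, not a SEP or Windows command.
function Get-ExeFingerprint {
    param(
        [Parameter(Mandatory)] [string] $Directory
    )
    Get-ChildItem -LiteralPath $Directory -Filter *.exe -File |
        Get-FileHash -Algorithm MD5 |
        Group-Object -Property Hash |
        ForEach-Object {
            [pscustomobject]@{
                # Lowercase hex string to paste into the fingerprint field
                MD5   = $_.Name.ToLowerInvariant()
                # Every file name that shares this exact content
                Files = ($_.Group.Path | Split-Path -Leaf | Sort-Object) -join ', '
            }
        }
}

# --- Constructed demo data (placeholder text, not real programs) ---
$demo = Join-Path ([IO.Path]::GetTempPath()) 'fingerprint-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null

# "Version 1.0" of an unapproved browser
Set-Content -LiteralPath (Join-Path $demo 'browser.exe') -Value 'constructed build 1.0'

# The same file renamed by a user trying to avoid a name-based block
Copy-Item -LiteralPath (Join-Path $demo 'browser.exe') `
          -Destination (Join-Path $demo 'notepad2.exe')

# A later build: different content, therefore a different hash
Set-Content -LiteralPath (Join-Path $demo 'browser-1.1.exe') -Value 'constructed build 1.1'

# Two rows come back: one fingerprint covering browser.exe and notepad2.exe,
# and a second fingerprint for browser-1.1.exe that needs its own rule entry.
Get-ExeFingerprint -Directory $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

Point the function at the folder holding the real EXEs you want to block and add each distinct MD5 value as a fingerprint; repeat whenever the application is updated.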