Block executables (.exe) with Symantec Endpoint Protection (SEP)
Today’s information security professionals face an increasingly complex and more rapidly changing threat environment than ever before. Often with the support or sponsorship of nation-states or multi-billion cybercrime organizations, attackers are using increasingly sophisticated techniques, zero-day threats, and targeted attacks that are difficult to quickly and accurately detect This has put organizations, large and small, at an ever-increasing risk of data breaches with compromised endpoints, with the serious problems and consequences that result, such as data corruption, data loss, data exfiltration, or even data held at ransom.
Intelligent Endpoint Solution, Symantec Endpoint Protection 14 (SEP), proactively blocks zero-day attacks and sophisticated threats with low false-positives. SEP accomplishes this by using advanced next-generation technologies such as multi-dimensional machine learning, advanced crypto malware emulation, application control, and real-time global intelligence with expert threat researchers, all of which provide signature-less protection. SEP detects and rapidly remediates the stealthiest attacks perpetrated via email, network, or endpoint with its single console integrated Endpoint Detection and Response (EDR). As the winner of the AV-Test Best Protection Award 2015 and a Leader in Gartner Magic Quadrant for Endpoint Protection Platforms for 14 straight years is indisputable evidence that Symantec has proven to be a leader in true next-generation threat protection.
Next Generation Technology in a Single Agent
Unlike legacy technology endpoint solutions, SEP includes both core and next-generation technology in a single agent, including:
- Advanced Machine Learning
- Memory Exploit Mitigation
- Intelligent Threat Cloud
- Endpoint Detection and Response (EDR) for Advanced Threat Protection (ATP)
Here are the Steps to Block executables (.exe) with Symantec Endpoint Protection (SEP)
Login to your SEMP ( Symantec Endpoint Protection Manager) and navigate to “Policies” and Click on the ‘Application and Device Control“, right-click on the empty area and select “Add” to create a New Application and device control policy.
and click “Stop Software installers (ACB)” and select the Production option here
and now you need to add you file format mentioned in below image format.
Now it’s time to assign this policy to specific group or PC. Right-click on the Newly created policy and select the “Assign” option here. That’s it.
Now when user will download .exe or another file format that you blocked will get error message “Failed – insufficient Permissions“
Also, Check How to check website category in BlueCoat
Hope my article “Block executables (.exe) with Symantec Endpoint Protection (SEP)” helps you to block your specific file format in your network.