The challenge I ran into when blocking exes in "appdata" is the policy started blocking legitimate installs. I thought I would share my experience with the ADC policy in case someone decides to pursue this path. First of all, thanks to SMLatCST I can pinpoint the folders and subfolder level using Regex. I got some very useful advice including the regex expression and links in this thread. Running SEP 12.1 on manager and endpoint. Has anyone been able to make an ADC policy work for a specific folder level when using a wildcard for an extension type like exe? I tried adding a "\" as an escape character, but that did not help. The rule I wrote above however blocks in "anotherfolder" too which I want to avoid. For example, I want to block exes in c:\users\*\appdata\somefolder\ but not in c:\users\*\appdata\somefolder\anotherfolder\. I only wanted to check in folders one level down, no further. I wanted to update the rule to look at one folder level down from the application data folder. That seems to work if the files are in the application data folder.

We implemented an application policy that blocks c:\documents and settings\*\application data\*.exe and c:\users\*\appdata\*.exe. We called Symantec and were given advice to restrict running exes in the application data folders (appdata for Win7).

The machines impacted were unfortunately not running supported AV. My company has been hit a couple of times by Cryptolocker recently.
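The folder-depth problem described in the post, as an added example that is not part of the original post and is not SEP's own rule syntax. It uses Python's `re` module to compare a wildcard that crosses "\" separators with a pattern limited to one path component per level. The helper names `wildcard_to_regex` and `exe_at_depth` and the sample paths are constructed for illustration, and the wildcard behaviour is modelled on what the post reports.

```python
import re

# Assumption: the rule engine treats "*" like ".*", so it also matches
# across "\" separators, which is the over-blocking the post describes.
def wildcard_to_regex(pattern):
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)

# One path component: one or more characters that are not a backslash.
SEG = r"[^\\]+"

def exe_at_depth(depth):
    """Regex for an .exe exactly `depth` folders below a user's AppData."""
    sub = "".join(SEG + r"\\" for _ in range(depth))
    return re.compile(
        r"^c:\\users\\" + SEG + r"\\appdata\\" + sub + SEG + r"\.exe$",
        re.IGNORECASE,
    )

def blocked(path, rules):
    return any(r.match(path) for r in rules)

# Constructed sample paths, not taken from the post.
SAMPLES = [
    r"C:\Users\alice\AppData\dropper.exe",
    r"C:\Users\alice\AppData\somefolder\dropper.exe",
    r"C:\Users\alice\AppData\somefolder\anotherfolder\tool.exe",
    r"C:\Users\alice\AppData\somefolder\notes.txt",
]

WILDCARD_RULES = [wildcard_to_regex(r"c:\users\*\appdata\*\*.exe")]
# AppData itself plus exactly one folder level down, no further.
SCOPED_RULES = [exe_at_depth(0), exe_at_depth(1)]

def report():
    """Map each sample path to (blocked by wildcard, blocked by scoped)."""
    return {p: (blocked(p, WILDCARD_RULES), blocked(p, SCOPED_RULES))
            for p in SAMPLES}

if __name__ == "__main__":
    for path, (wild, scoped) in report().items():
        print(f"wildcard={wild!s:5} scoped={scoped!s:5} {path}")
```

Whether a given SEP release accepts this exact regex syntax in an ADC rule is an assumption to confirm on a test endpoint before rollout.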