Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all articles
Browse latest Browse all 10484

SEP hardening App control document incorrect, maybe....

$
0
0
I need a solution

 

This link:   http://www.symantec.com/business/support/index?page=content&id=TECH171301
states that it will protect the following file types from being hijacked in the registry (shell open/shell load points protection) this is the quote:

The policy will protect the registry file associations for the following filetypes:

  • .exe
  • .com
  • .bat
  • .cmd
  • .pif
  • .scr
  • .reg

However, in the actual hardening policy, the rule set (HIPS) [AC12] shows that it is configured to protect only 3 of the above - these are the three that are actually in the policy as supplied by Symantec.

shell-load.png

 

My questions and/or comments:

* Are these accurate and perhaps based on current data showing the others aren't really at risk? (the others are no longer a concern or problem in today's computing world?)

* Is this a mistake in the above-linked documentation? (the document in the link lists several while the actual rule set has only 3 of them)

* Is this an error of omission in the policy or rule set itself? (is the linked document correct, and someone "forgot" to include the others?)


Viewing all articles
Browse latest Browse all 10484

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>