Prevent malicious applications from running
This scenario shows you how to prevent the end user from running cmd.exe.
Scenario description
In this scenario:
- The end user has run C:\windows\system32\cmd.exe at least once since the Application Control Agent was installed.
- File Inventory Agent has returned file inventory to the Notification Server.
Scenario resolution
- In the Symantec Management Console, on the Home menu, click Arellia > Application Control.
- In the left pane, select Policies > Application Control > Manage Applications.
- In the right pane, enter "cmd" in the Win32 Executable field and click Refresh.
- Select all rows of the grid and click the Blacklist button.
- Run Collection Delta Update Schedule. For instructions, see Notification Server Help.
- Enable the Deny Blacklist execution policy. See Manage Applications.
- On a managed computer, start cmd.exe. It does not start, and you receive a system tray message.
