When a threat is detected within an organization’s environment, preventing its spread becomes
crucial. Symantec Endpoint Protection (SEP) allows administrators to create Application and Device
Control policies that target specific threat files to block them across the network. To block a known
malicious file, the administrator should:
1. Identify the File MD5 Hash: The MD5 hash serves as a unique "fingerprint" for the malicious file,
   ensuring that the specific file version can be accurately identified across systems.
2. Create an Application Content Rule: Using the Application and Device Control feature, the
   administrator can create a content rule that targets the identified file by its MD5 hash, effectively
   blocking it based on its fingerprint.
3. Apply the Rule Across Endpoints: Once created, this rule is applied to endpoints, preventing the file
   from executing or spreading.
This method ensures precise blocking of the threat without impacting other files or processes.
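
The fingerprint step above can be checked before the rule is created. The following is an added example, not Symantec tooling or code from the original page: it computes a file's MD5 and lists which files in a directory tree that fingerprint would match. The function names, file names and sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_fingerprint(path, chunk_size=65536):
    """Return the hex MD5 of a file, read in chunks so large files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_matches(root, blocked_md5):
    """Walk root and return the sorted paths whose MD5 is in blocked_md5."""
    blocked = {h.strip().lower() for h in blocked_md5}  # hex case does not matter
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if md5_fingerprint(path) in blocked:
                    hits.append(path)
            except OSError:
                continue  # unreadable or locked file: skip it
    return sorted(hits)

def demo():
    """Build a constructed sample tree; return (hash, relative paths matched)."""
    sample = b"constructed sample bytes standing in for the flagged file"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "share"))
        layout = {
            "flagged.bin": sample,                              # the identified file
            os.path.join("share", "renamed_copy.dat"): sample,  # same bytes, new name
            "variant.bin": sample + b"\x00",                    # one byte appended
            "unrelated.txt": b"ordinary document",
        }
        for rel, data in layout.items():
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(data)
        target = md5_fingerprint(os.path.join(root, "flagged.bin"))
        hits = find_matches(root, [target.upper()])
        return target, [os.path.relpath(p, root) for p in hits]

if __name__ == "__main__":
    target_hash, matched = demo()
    print("MD5 to enter in the rule:", target_hash)
    print("Files the fingerprint matches:", matched)
```

The renamed copy matches because the fingerprint depends only on file content, while the variant with one extra byte does not, so each distinct version of a threat file needs its own hash in the rule.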