Creating a deny list policy

Users and processes are blocked from accessing items in the deny list. 
  1. Click
    Policies
    .
  2. In the right pane, click the plus sign and select
    Add to Deny List
    .
  3. In the
    Add to Deny List
    dialog box, click the
    Type
    drop-down list, and select the item for which you want to create a deny list policy.
    You cannot edit the
    Type
    or
    Match Value
    after you add it. However, you can delete it or you can edit the comment.
  4. In the
    Match Value
    field, enter the value based on the type that you selected.
  5. If you selected SHA256, a
    File Size
    field appears.  The file size is only required for non-PE files (do not provide a file size for PE files). 
    The maximum supported file size is 9223372036854775807 (2^63-1) bytes.
    You can add any non-PE file that is not in the following list:
    • exe
    • dll
    • scr
    • cpl
    • sys
    • mui
    • ocx
    • acm
    • ax
    • drv
    • efi
    • tsp
    You must be running Symantec Endpoint Protection version 14.3 RUI or later to block non-PE files.
  6. Optionally, type a comment in the
    Comment
    field.
    For example, you may want to specify the file name for SHA256 hash.
  7. Click
    Save
    .