Enabling and testing default application rules

Application control includes default rule sets that are made up of one or more rules. Default application control rule sets are installed with the
Symantec Endpoint Protection Manager
. The default rule sets are disabled at installation. To use the default rule sets in an Application Control policy, you must enable them and apply the policy to a group of clients.
For a description of the common predefined rules, see:
In the following task you can enable and test the
Block writing to USB drives
rule set.
  1. To enable and test default application rules
  2. To enable a default application rule set, in the console, click
    Application and Device Control
    , and under
    , click
    Add an Application Control Policy
  3. In the
    pane, type a name and description for the policy.
  4. Click
    Application Control
  5. In the
    Application Control
    pane, check the
    check box next to each rule set that you want to implement.
    For example, next to the
    Block writing to USB drives
    rule set, check the check box in the Enabled column.
  6. To review the rules for the rule set, select the rule, click
    , and then click
    . See:
  7. Change
    Test (log only)
  8. Assign the policy to a group, and click
  9. To test the rule set
    Block writing to USB drives
    , on the client computer, attach a USB drive.
  10. Open Windows Explorer and double-click the USB drive.
  11. Right-click the window and click
    If application control is in effect, an
    Unable to create folder
    error message appears.