Home Print Show Topic URL Previous Next
IT Management Suite
Client Management Suite
Server Management Suite
Deployment Solution
Asset Management Suite

About defining applications to meter or deny

Inventory Solution

Application metering and denial is only available on Windows computers.

When you configure an application metering policy, you define the applications you want to meter by creating new or editing the existing application definitions. You can use broad or specific product definitions. For example, you can use one definition to meter all Microsoft applications, or you can use a specific definition to meter Word version 12. The metering options for each policy apply to all the applications you have added in the list for that policy.

See About software-based usage tracking, application metering, and application denial

See Defining applications to meter or deny

Several predefined application metering policies are included.

Each application that you define must have a set of definition details. The details include the product name, file name, product version, product company, and so on. Application metering policies use these details to identify the applications to meter on target computers. You can specify any number of these details.

To specify the details of the applications, you populate the fields in the Application Definition Details dialog box. You can populate these fields manually or import them from a known application. The application definition details correspond to the properties of an executable file. On Windows XP, you can see the properties when you right-click an executable file, click Properties, and then click the Version tab. On Windows Vista/7, you can see the properties when you right-click an executable file, click Properties, and then click the Details tab.

After you add an application definition to a policy, it appears in the list on the Software tab of the application metering policy page.

Table: Guidelines for specifying application definition details



All fields must be met

For an application to be monitored, it must meet the criteria of all the fields. For example, if you specify the File name and File version, only the applications that meet both of these criteria are monitored. Unspecified fields are ignored. You can use the * wildcard in these fields to represent any number of characters.

Internal file properties

Symantec recommends that you specify internal file properties rather than depend on the file name. The internal file properties are compiled into the file and are not editable by a user. The internal file properties are internal name, file version, company name, product name, and product version. If you monitor the file name and the user renames the file, your monitor policy will no longer work for that user.

Details are case-sensitive

The definition detail fields are case-sensitive.

Specify a definition name

Definition name is used in the definition list. Each definition must have a definition name.

File and product versions

Application definitions may be version-specific. You can have a definition with a specific version or you can specify no version at all. If you do not specify a version, all versions of the application are metered.

The following examples illustrate the cases when you may or may not want to use versions:

  • You want to monitor the general use of an application and want to track the usage of any and all versions.

    For example, you want to track the use of all versions of Adobe Acrobat Reader.

    You create a rule for Acrobat, enter AcroRd32.exe, or its internal name, in the file name field, and leave the version fields blank.

  • You want to monitor the use of each version of an application.

    For example, you want to track the usage of each version of an antivirus application. This option lets you determine how many users use the version. You create a separate definition for each version of the application you want to meter and enter the specific version in each rule.

  • You want to allow one version of an application to run but deny other versions.

    This option lets you enforce the use of a certain version of an application. For example, you can allow the version of an application that has a security fix while blocking the use of other versions. You create two application metering policies. In one policy, you create a rule for the approved version and set the policy to allow it to run. In the other policy, you create a definition for each version that you want to deny and set the policy to deny the applications.


When specifying application definitions, you can use wildcards to broaden the scope of a definition. To use wildcards, you by place an * before and after a string.

For example, if you want to deny certain games from running, you can use a wildcard to deny all applications from a game software company. Create a rule, and in the Company name text box, type *company_name*.

Command line

The Command line text box contains the command line that the application must use to be monitored. Include an * before and after the command-line text to ensure that the entire command line is included.