The Symantec Endpoint Protection Manager has some nice feathers for controlling applications.
This Article instructs using one of the feathers called "Application Control".
1. Open Symantec Endpoint Protection Manager Console.
2. Login in admin rights.
3. Select "Policies" on the left pane.
4. Select "Application and Device control" On the left pane.
5. Double click "Application and Device control policy" on the right screen.
6. Select "Application control" On the left pane.
7. There are 7 rule sets already exist by Symantec (block writing to USB, block registry
8. Click "ADD" to make a new application control rule.
9. Add the rule name.
10. Add (browse) the process name which the rule controls.
11. Click "add" on the bottom left and choose "add condition".
12. Choose the condition type you want to add and press "action" to configure details.
13. Save all.
Another way of doing it is using "system lockdown" to enable\disable applications
we can configure it under clients>policies>system lockdown