Setting up system lockdown
|Article:HOWTO27320|||||Created: 2010-01-08|||||Updated: 2010-01-15|||||Article URL http://www.symantec.com/docs/HOWTO27320|
In this step, you can track these applications in a list of unapproved applications. The list of unapproved applications includes the applications that clients run but are not listed in the file fingerprint list of approved applications. The client does not block the unapproved applications. You can track the applications that clients use for informational purposes before you block those applications. You can also test whether any applications appear on the unapproved applications list. If a test runs, the status says how long it has been running and whether or not exceptions have occurred. Run system lockdown in test mode long enough to discover which unapproved applications the client computers run. Then enable system lockdown.
You can also create firewall rules to allow approved applications on the client.
To set up system lockdown
When you check this option, the associated applications are logged in the Control log as unapproved applications. However, the applications are not blocked on your client computers. You can permanently remove the file fingerprint list or applications later.
In the Unapproved Applications dialog box, review the applications. This list includes information about the time that the application was run, the computer host name, the client user name, and the executable file name.
Names can be specified using a normal string or regular expression syntax. Names can include wildcard characters (* for any characters and ? for one character). The name can also include environment variables such as %ProgramFiles% to represent the location of your Program Files directory or %windir% for the Windows installation directory.
Article URL http://www.symantec.com/docs/HOWTO27320