System lockdown prerequisites
The following prerequisites must be met before you can enable system lockdown:
Create file fingerprint list
You need to have created a file fingerprint list that includes the applications that are allowed. This list can be created from a corporate image that is installed regularly on users’ computers. You create this list on a computer that runs the client.
Add one or more file fingerprint lists
After you create the fingerprint lists, you need to add them to the manager.
Merge file fingerprint lists
Multiple file fingerprint lists can be merged. For example, you may use different images for different groups at your company.
You implement system lockdown in the following stages:
Set up and test system lockdown
Before you block unapproved executables, you can add one or more file fingerprint lists. Add the applications that should always be allowed, and log the results in the Control log.
Check the unapproved applications list
After a few days of testing system lockdown, you can view the list of unapproved applications. This list shows the unapproved applications that users in the group run. You can decide whether to add more applications to the file fingerprint or to the allowed list.
Enable system lockdown
Next, you can enable system lockdown blocking the applications that are not included in the file fingerprint lists.
See About system lockdown.