Configuring system lockdown

Article: HOWTO55130 | Created: 2011-06-29 | Updated: 2011-12-16 | Article URL: http://www.symantec.com/docs/HOWTO55130
Article Type: How To


System lockdown blocks any unapproved applications on your client computers.

See Setting up application and device control.

To set up system lockdown for a group, Symantec recommends that you follow specific steps.

Table: System lockdown steps

Step 1: Create file fingerprint lists for allowed applications

You should create a file fingerprint list that includes the applications that are allowed to run on your client computers. This list can be created from a corporate image that is installed regularly on client computers in your network. The image includes all the applications that you want to allow on client computers.

See Managing file fingerprint lists.

After you create file fingerprint lists, you should import them into Symantec Endpoint Protection Manager.

See Importing or merging file fingerprint lists in Symantec Endpoint Protection Manager.

Step 2: Run system lockdown in test mode

Before you enable system lockdown to block unapproved applications on your client computers, you should run system lockdown in test mode. In test mode, unapproved applications are logged but not blocked.

Run system lockdown in test mode long enough for clients to run their usual applications. A typical time frame might be one week.

After you run system lockdown in test mode, you can view the list of unapproved applications by checking the status in the system lockdown configuration. You can then decide whether to add more applications to the file fingerprint list or to the allowed list.

See Running system lockdown in test mode.

Step 3: Enable system lockdown

Make sure that you have run system lockdown in test mode before you enable system lockdown. System lockdown blocks any application that is not on the approved applications list.

Note: Make sure that you test your configuration before you enable system lockdown. If you block a needed application, your client computers might be unable to restart.

See Enabling system lockdown to block unapproved applications.

Step 4: Update system lockdown

You should update system lockdown if you add clients or install new applications on your network. You need to create new file fingerprint lists that capture the latest approved applications.

To update system lockdown, you can reset system lockdown to test mode or move new clients into a separate group where system lockdown is not enabled. Alternatively, you could use a test network for new clients and applications, if the test network includes the same files as the production system.

See Enabling system lockdown to block unapproved applications.

See Managing file fingerprint lists.

Step 5: Test and remove items from system lockdown

After you run system lockdown for a while, you might accumulate many file fingerprint lists. Eventually you might stop using some of these lists and want to remove them. Removing a file fingerprint list from system lockdown is risky: all applications in that file fingerprint list are blocked after you remove the list.

You should always test applications before you remove them from system lockdown.

When system lockdown is enabled, you can use the Test Before Removal option to log file fingerprint lists or specific applications as unapproved.

When you run this test, system lockdown does not block the applications that you are testing. You can check the Application Control log to see what unapproved applications appear there. If the log has no entries for that file fingerprint list, then you know that your clients do not use those applications, and you can safely remove the list.

See Testing and removing items from system lockdown.
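The allow-list logic that steps 1, 2 and 5 describe (a fingerprint list built from an image, a test mode that logs instead of blocking, and a removal check driven by whether the log shows any hits for a list), as an added Python example that is not part of this article or of Symantec Endpoint Protection. The image contents, the list layout (a dict of SHA-256 to path) and the client execution records are constructed for the example; the product's own fingerprint and log formats are not shown on this page.

```python
import hashlib

# Constructed sample "corporate image": path -> file contents. Real lists
# would hash files on disk; the bytes are embedded so the example runs offline.
IMAGE = {
    r"C:\Windows\notepad.exe": b"notepad-bytes",
    r"C:\Program Files\App\app.exe": b"app-bytes",
}
# A second, older list that the clients may no longer need (step 5).
LEGACY = {r"C:\Program Files\OldTool\old.exe": b"old-bytes"}


def fingerprint(data):
    """SHA-256 of the file contents; assumed here as the fingerprint algorithm."""
    return hashlib.sha256(data).hexdigest()


def build_fingerprint_list(files):
    """Step 1: one fingerprint per file in the image (hash -> path)."""
    return {fingerprint(data): path for path, data in files.items()}


# Constructed execution records reported by a client: (hash, path) pairs.
EXECUTIONS = [
    (fingerprint(b"notepad-bytes"), r"C:\Windows\notepad.exe"),
    (fingerprint(b"unknown-bytes"), r"C:\Users\alice\Downloads\tool.exe"),
]


def evaluate(lists, executions, test_mode):
    """Steps 2 and 3: verdict per execution against the union of all lists.
    Test mode logs an unapproved hash instead of blocking it, which is what
    makes the trial period safe before enforcement is switched on."""
    approved = {digest for hashes in lists.values() for digest in hashes}
    verdicts = []
    for digest, path in executions:
        if digest in approved:
            verdicts.append((path, "allowed"))
        else:
            verdicts.append((path, "logged" if test_mode else "blocked"))
    return verdicts


def candidates_to_approve(verdicts):
    """Step 2 follow-up: paths seen in test mode that are not yet approved."""
    return [path for path, verdict in verdicts if verdict == "logged"]


def unused_lists(lists, executions):
    """Step 5: lists with no hits in the log are the only safe ones to remove."""
    seen = {digest for digest, _ in executions}
    return sorted(name for name, hashes in lists.items() if not seen & set(hashes))
```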
