Running system lockdown in test mode

Article:HOWTO55131  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55131
Article Type
How To


Subject


Running system lockdown in test mode

When you run system lockdown in test mode, you do not block unapproved applications. Instead, unapproved applications are logged in the Control log. After you determine that your system lockdown settings are correct, you can enable system lockdown. Typically, you run system lockdown in test mode for a week, or enough time for clients to run their normal applications.

See Configuring system lockdown

Note:

You can also create firewall rules to allow approved applications on the client.

To run system lockdown in test mode

  1. In the console, click Clients.

  2. Under Clients, locate the group for which you want to set up system lockdown.

  3. On the Policies tab, click System Lockdown.

  4. In the System Lockdown for name of group dialog box, click Step 1: Log Unapproved Applications Only to run system lockdown in test mode.

    This option logs the unapproved network applications that clients are currently running.

  5. Under Approved Applications, add or remove file fingerprint lists or specific files.

    See Editing a file fingerprint list in Symantec Endpoint Protection Manager.

  6. To view the list of unapproved applications, click View Unapproved Applications.

    In the Unapproved Applications dialog box, review the applications. This list includes information about the time that the application was run, the computer host name, the client user name, and the executable file name.

  7. Determine how you want to handle the unapproved applications.

    You can add the names of applications that you want to allow to the list of approved applications. You can add the executable to the computer image the next time that you create a file fingerprint.

  8. Click Close.

  9. To specify the executables that are always allowed even if they are not included in the file fingerprint list, under the File Name list, click Add.

  10. In the Add File Definition dialog box, specify the full path name of the executable file (.exe or .dll).

    Names can be specified using a normal string or regular expression syntax. Names can include wildcard characters (* for any characters and ? for one character). The name can also include environment variables such as %ProgramFiles% to represent the location of your Program Files directory or %windir% for the Windows installation directory.

  11. Either leave Use wildcard matching (* and ? supported) selected by default, or click Use regular expression matching if you used regular expressions in the file name instead.

  12. If you want to allow the file only when it is executed on a particular drive type, click Only match files on the following drive types.

    Then unselect the drive types you do not want to include. By default, all drive types are selected.

  13. If you want to match by device ID type, check Only match files on the following device id type, and then click Select.

  14. Click the device you want in the list, and then click OK.

  15. Click OK.

  16. To display a message on the client computer when the client blocks an application, check Notify the user if an application is blocked.

  17. To write a custom message, click Notification, type the message, and click OK.

  18. Click OK.


Legacy ID



v35686118_v59371754


Article URL http://www.symantec.com/docs/HOWTO55131


Terms of use for this information are found in Legal Notices