Managing file fingerprint lists

Article:HOWTO55133  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55133
Article Type: How To



A file fingerprint list consists of a list of checksums, one for each application on a client computer. It includes the complete file paths of those applications. You can create a file fingerprint list from a software image that includes all the applications that you want to allow users to run. You can manage file fingerprint lists in Symantec Endpoint Protection Manager and use them in your system lockdown configuration.

See Configuring system lockdown.

Table: File fingerprint list management

Task

Description

Get an approved software image

Create a software image that includes all of the applications you want users to be able to run on their computers.

For example, your network might include Windows Vista 32-bit, Windows Vista 64-bit, and Windows XP SP2 clients. You can create a file fingerprint list for each client image.

Create a file fingerprint list

To create a file fingerprint list, you can use the Checksum.exe utility. The utility is installed along with Symantec Endpoint Protection on the client computer. You can run the utility on each computer image in your environment to create a file fingerprint list for that image. Checksum.exe creates a text file that contains a list of all executables on that computer and their corresponding checksums.

You can run the utility from the command prompt. Checksum.exe is located in the following folder:

C:\Program Files\Symantec\Symantec Endpoint Protection

See Creating a file fingerprint list.

Import the file fingerprint list into Symantec Endpoint Protection Manager

You can use Symantec Endpoint Protection Manager to import file fingerprint lists for each client computer type. You can merge the list into a master list. You can also add file fingerprints for the individual files that you want to approve.

See Importing or merging file fingerprint lists in Symantec Endpoint Protection Manager.

Add the file fingerprint list to your system lockdown configuration

You can use file fingerprint lists in your system lockdown configuration. The file fingerprint lists indicate the approved applications in your network.

See Configuring system lockdown.

Update file fingerprint lists when you add or change the applications that run in your network

Over time you might change the allowed applications in your network. You can update your file fingerprint lists or remove lists as necessary.

If you run system lockdown, make sure that system lockdown is disabled or running in test mode before you modify or delete any file fingerprint lists.

See Running system lockdown in test mode.

You cannot directly edit a file fingerprint list. However, you can append a file fingerprint list to an existing list. You can also merge multiple file fingerprint lists that you already imported.

See Editing a file fingerprint list in Symantec Endpoint Protection Manager.

See Importing or merging file fingerprint lists in Symantec Endpoint Protection Manager.

Delete file fingerprint lists only if you no longer use them

You can delete a file fingerprint list from Symantec Endpoint Protection Manager. However, do not delete a file fingerprint list until you have tested your configuration and are sure that you no longer use the list.

See Testing and removing items from system lockdown.
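
The update and merge tasks in the table above can be reviewed offline before a list is imported. The following Python script is an added example, not Symantec code: it compares the fingerprint lists from an old and a new image and builds a merged list. It assumes each line holds a hexadecimal checksum, one space, and the full file path; the sample entries and function names are constructed for illustration.

```python
# Added example, not Symantec code.
# ASSUMPTION: each list line is "<hex checksum> <full path>".
import re

LINE = re.compile(r"([0-9A-Fa-f]+) (.+)")

def parse_list(text):
    """Return {lower-cased path: checksum}; Windows paths are case-insensitive."""
    entries = {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        # Only the first space separates the fields: paths can contain spaces.
        m = LINE.fullmatch(raw.strip())
        if m is None:
            raise ValueError(f"line {n}: expected '<checksum> <path>'")
        entries[m.group(2).strip().lower()] = m.group(1).lower()
    return entries

def diff_lists(old, new):
    """Paths added, removed, or whose checksum changed between two images."""
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    changed = sorted(p for p in new if p in old and old[p] != new[p])
    return added, removed, changed

def merge_lists(*lists):
    """Union of (checksum, path) pairs. Design choice of this example: a path
    whose checksum differs between images keeps one entry per checksum."""
    pairs = {(c, p) for entries in lists for p, c in entries.items()}
    return sorted(pairs, key=lambda cp: (cp[1], cp[0]))

# Constructed sample lists (checksums are placeholders, not real hashes).
OLD_IMAGE = r"""
00000000000000000000000000000001 C:\Windows\notepad.exe
00000000000000000000000000000002 C:\Program Files\Example App\app.exe
00000000000000000000000000000003 C:\Tools\old.exe
"""
NEW_IMAGE = r"""
00000000000000000000000000000001 c:\windows\notepad.exe
000000000000000000000000000000aa C:\Program Files\Example App\app.exe
00000000000000000000000000000004 C:\Tools\new.exe
"""

if __name__ == "__main__":
    old, new = parse_list(OLD_IMAGE), parse_list(NEW_IMAGE)
    for label, paths in zip(("added", "removed", "changed"), diff_lists(old, new)):
        print(f"{label}: {paths}")
    for checksum, path in merge_lists(old, new):
        print(checksum, path)
```

A changed checksum on an unchanged path is the entry to investigate before approving the new list, because it means the file's contents differ between the two images.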


Legacy ID: v35710740_v59371754

