Monitoring the applications and services that run on client computers
The Windows Symantec Endpoint Protection client monitors and collects information about the applications and the services that run on each computer. You can configure the client to collect the information in a list and send the list to the management server. The list of applications and their characteristics is called learned applications.
The Mac client does not monitor the applications and the services that run on Mac computers.
The Symantec Network Access Control client does not record information about the applications that Symantec Network Access Control clients run. The learned applications feature is not available on the console if you install Symantec Network Access Control only. If you integrate Symantec Network Access Control with Symantec Endpoint Protection, you can use the learned applications tool with Host Integrity policies. You must install the Network Threat Protection module and the Application and Device Control module on the client for this feature to work.
You can use this information to find out what applications your users run. You can also use the information when you need information about applications in the following areas:
Application and Device Control policies
For legacy clients, TruScan proactive threat scans
Host Integrity policies
Network application monitoring
File fingerprint lists
You can perform several tasks to set up and use learned applications.
Table: Steps to monitor the applications
In some countries, it may not be permissible under local law to use the learned applications tool under certain circumstances, such as to gain application use information from a laptop when the employee logs on to your office network from home using a company laptop. Before your use of this tool, please confirm that use is permitted for your purposes in your jurisdiction. If it is not permitted, please follow instructions for disabling the tool.