Enabling system lockdown to run in whitelist mode
Article: HOWTO80850 | Created: 2012-10-24 | Updated: 2013-10-07 | Article URL: http://www.symantec.com/docs/HOWTO80850
You can enable system lockdown to allow only approved applications on your client computers. Only applications in the approved list are allowed to run. All other applications are blocked. The approved list is called a whitelist. Approved applications are subject to Symantec Endpoint Protection's other protection features.
By default, system lockdown runs in whitelist mode when you enable it. You can choose a whitelist or blacklist mode if you set up Symantec Endpoint Protection Manager to show both options.
You should configure system lockdown to run in whitelist mode only after the following conditions are true:
You tested the system lockdown configuration with theoption.
You are sure that all the applications that your client computers need to run are listed in the approved applications list.
To enable system lockdown to run in whitelist mode
On the console, click Clients.
Under Clients, select the group for which you want to set up system lockdown.
If you select a subgroup, the parent group must have inheritance turned off.
On the Policies tab, click System Lockdown.
If you configured Symantec Endpoint Protection Manager to display the whitelist and blacklist mode options, click Enable Whitelist Mode.
Click Step 2: Enable System Lockdown to block any unapproved applications that clients try to run.
Under Approved Applications, make sure that you have included all the applications that your client computers run.
You must include all the applications that your client computers run in the approved applications list. If you do not, you could make some client computers unable to restart or prevent users from running important applications.
To display a message on the client computer when the client blocks an application, check Notify the user if an application is blocked.