Enabling system lockdown to run in whitelist mode

Article: HOWTO80850  |  Created: 2012-10-24  |  Updated: 2013-10-07  |  Article URL: http://www.symantec.com/docs/HOWTO80850
Article Type: How To



You can enable system lockdown to allow only approved applications on your client computers. Only applications in the approved list are allowed to run. All other applications are blocked. The approved list is called a whitelist. Approved applications are subject to Symantec Endpoint Protection's other protection features.

Note: By default, system lockdown runs in whitelist mode when you enable it. You can choose a whitelist or blacklist mode if you set up Symantec Endpoint Protection Manager to show both options.

You should configure system lockdown to run in whitelist mode only after the following conditions are true:

  • You tested the system lockdown configuration with the Log Unapproved Applications Only option.

  • You are sure that all the applications that your client computers need to run are listed in the approved applications list.

To enable system lockdown to run in whitelist mode

  1. On the console, click Clients.

  2. Under Clients, select the group for which you want to set up system lockdown.

    If you select a subgroup, the parent group must have inheritance turned off.

  3. On the Policies tab, click System Lockdown.

  4. If you configured Symantec Endpoint Protection Manager to display the whitelist and blacklist mode options, click Enable Whitelist Mode.

  5. Click Step 2: Enable System Lockdown to block any unapproved applications that clients try to run.

  6. Under Approved Applications, make sure that you have included all the applications that your client computers run.

    Warning: You must include all the applications that your client computers run in the approved applications list. If you do not, you could make some client computers unable to restart or prevent users from running important applications.

  7. To display a message on the client computer when the client blocks an application, check Notify the user if an application is blocked.

  8. Click OK.

See Making the blacklist mode for system lockdown appear in Symantec Endpoint Protection Manager.

See Setting up and testing the system lockdown configuration before you enable system lockdown.

See Configuring system lockdown.

See Disabling and enabling a group's inheritance.


Legacy ID: v35699757_v81626096

