Automatically updating whitelists or blacklists for system lockdown
Article: HOWTO81094 | Created: 2012-10-24 | Updated: 2013-01-30 | Article URL: http://www.symantec.com/docs/HOWTO81094
Symantec Endpoint Protection Manager can automatically update existing file fingerprint lists and application name lists that system lockdown uses in whitelist or blacklist mode.
Automatic updates apply only to lists that already exist in Symantec Endpoint Protection Manager. It cannot automatically upload a new whitelist or blacklist.
You can also manually update existing file fingerprints.
Table: Updating whitelists or blacklists for system lockdown
| Step | Task | Description |
|---|---|---|
| Step 1 | Create updated file fingerprint lists or application name lists and compress the files | You can use the checksum.exe utility or any third-party utility to create the updated file fingerprint lists. You can use any text editor to update application name lists. The lists must have the same names that already exist in Symantec Endpoint Protection Manager. See Creating a file fingerprint list with checksum.exe. The automatic updates feature requires a compressed file (zip file) of the file fingerprint and application name lists. You can use the file compression feature in Windows or any compression utility to zip the files. |
| Step 2 | Create an index.ini file | The index.ini file specifies which file fingerprint lists and application name lists Symantec Endpoint Protection Manager should update. You can create an index.ini file with any text editor and copy the file to the specified URL. |
| Step 3 | Make the compressed file and index.ini available to Symantec Endpoint Protection Manager | Symantec Endpoint Protection Manager uses UNC, FTP, or HTTP/HTTPS to retrieve the index.ini file and zip file at the specified URL. Symantec Endpoint Protection Manager uses the instructions in the index.ini file to update the specified files. When you enable automatic updates, Symantec Endpoint Protection Manager periodically checks the URL for updated files based on the schedule you set. |
| Step 4 | Enable automatic whitelist and blacklist updates in the management console | You must enable the automatic update of existing whitelists or blacklists in the Symantec Endpoint Protection Manager console. You use the File Fingerprint Update dialog in Symantec Endpoint Protection Manager to enable the update feature and specify the schedule and the URL information. The blacklist mode must be available in Symantec Endpoint Protection Manager. See Making the blacklist mode for system lockdown appear in Symantec Endpoint Protection Manager. See Enabling automatic updates of whitelists and blacklists for system lockdown. |
| Step 5 | Check the status of automatic updates for the whitelist or blacklist | You can make sure that Symantec Endpoint Protection Manager completes the updates by checking the status in the console. See Checking the status of automatic whitelist or blacklist updates for system lockdown. |
See Manually updating a file fingerprint list in Symantec Endpoint Protection Manager
Legacy ID
v69734333_v81626096