Automatically updating whitelists or blacklists for system lockdown

Article:HOWTO81094  |  Created: 2012-10-24  |  Updated: 2013-10-07  |  Article URL http://www.symantec.com/docs/HOWTO81094
Article Type
How To


Subject


Automatically updating whitelists or blacklists for system lockdown

Symantec Endpoint Protection Manager can automatically update existing file fingerprint lists and application name lists that system lockdown uses in whitelist or blacklist mode.

Symantec Endpoint Protection Manager can update existing lists. It cannot automatically upload a new whitelist or blacklist.

You can also manually update existing file fingerprints.

Table: Updating whitelists or blacklists for system lockdown

Step

Task

Description

Step 1

Create updated file fingerprint lists or application name lists and compress the files

You can use the checksum.exe utility or any third-party utility to create the updated file fingerprint lists. You can use any text editor to update application name lists. The lists must have the same names that already exist in Symantec Endpoint Protection Manager.

See Creating a file fingerprint list with checksum.exe.

The automatic updates feature requires a compressed file (zip file) of the file fingerprint and application name lists. You can use the file compression feature in Windows or any compression utility to zip the files.

Step 2

Create an index.ini file

The index.ini file specifies which file fingerprint lists and application names lists Symantec Endpoint Protection Manager should update.

You can create an index.ini file with any text editor and copy the file to the specified URL.

See Creating an index.ini file for automatic updates of whitelists and blacklists that are used for system lockdown.

Step 3

Make the compressed file and index.ini available to Symantec Endpoint Protection Manager

Symantec Endpoint Protection Manager uses UNC, FTP, or HTTP/HTTPS to retrieve the index.ini file and zip file at the specified URL. Symantec Endpoint Protection Manager uses the instructions in the index.ini file to update the specified files. When you enable automatic updates, Symantec Endpoint Protection Manager periodically checks the URL for updated files based on the schedule you set.

Note:

If you cannot use UNC, FTP, or HTTP/HTTPS, you can copy the index.ini and updated file fingerprint and application name files directly into the following folder: ..\Symantec Endpoint Protection Manager\data\inbox\WhitelistBlacklist\content. The files should be unzipped. Symantec Endpoint Protection Manager checks this folder if it cannot use UNC, FTP, or HTTP/HTTPS to update the files.

Step 4

Enable automatic whitelist and blacklist updates in the management console

You must enable the automatic update of existing whitelists or blacklists in the Symantec Endpoint Protection Manager console.

You use the File Fingerprint Update dialog in Symantec Endpoint Protection Manager to enable the update feature and specify the schedule and the URL information. The blacklist mode must be available in Symantec Endpoint Protection Manager.

See Making the blacklist mode for system lockdown appear in Symantec Endpoint Protection Manager.

See Enabling automatic updates of whitelists and blacklists for system lockdown.

Step 5

Check the status of automatic updates for the whitelist or blacklist

You can make sure that Symantec Endpoint Protection Manager completes the updates by checking the status in the console.

See Checking the status of automatic whitelist or blacklist updates for system lockdown.

See Manually updating a file fingerprint list in Symantec Endpoint Protection Manager

See Configuring system lockdown


Legacy ID



v69734333_v81626096


Article URL http://www.symantec.com/docs/HOWTO81094


Terms of use for this information are found in Legal Notices