Enabling system lockdown to run in blacklist mode
Article: HOWTO81100 | Created: 2012-10-24 | Updated: 2014-09-21 | Article URL: http://www.symantec.com/docs/HOWTO81100
You can enable system lockdown to block a list of unapproved applications on your client computers. All applications in the unapproved list are blocked. The unapproved list is called a blacklist. Any other applications are allowed. Allowed applications are subject to Symantec Endpoint Protection's other protection features.
You can choose the whitelist or blacklist mode if you set up Symantec Endpoint Protection Manager to show both options.
You should configure system lockdown to block unapproved applications only after the following conditions are true:
You tested the system lockdown configuration with theoption.
You are sure that all of the applications that your client computers should block are listed in the unapproved applications list.
To enable system lockdown to run in blacklist mode
1. On the console, click Clients.
2. Under Clients, select the group for which you want to set up system lockdown.
   If you select a subgroup, the parent group must have inheritance turned off.
3. On the Policies tab, select System Lockdown.
4. In the System Lockdown dialog box, select Enable Blacklist Mode.
5. Click Step 2: Enable System Lockdown. This step blocks any unapproved applications that clients try to run on the client computers in the selected group.
6. Under Unapproved Applications, make sure that you have included all the applications that your client computers should block.
   A large number of named applications might decrease your client computer performance.
7. To display a message on the client computer when the client blocks an application, check Notify the user if an application is blocked.