Endpoint Protection

 View Only

  • 1.  Application Control exceptions by certificates: gotomeeting

    Posted Mar 15, 2012 12:13 PM

    Hello,

    We are using Application Control to control our windows profiles.

     

    Our rules blocks the saving or executing of *.exe files in all folders and subfolders of the %userprofile%.

    Till now this worked fine for over 2 years, we had to whitelist a few files but that wasnt a big problem, till now. Now users needs to use gotomeeting for conferences etc. The problem is, that gotomeeting often needs to update itself before joining a meeting.

    In the background this means: that it has to write/execute severel exe files in the userprofile in different subfolders with different file versions, so md5 checksumms wont work unless we maintain them.

     

    Our service partner gave us the tipp, to use the gotomeeting certificates to whitelist the gotomeeting files, and that SEP can do application exceptions matched by certificates.

    After a little research in nearly every userguide, forum and knowledgebase of SEP, I wasnt able to find such a feature in SEP.

    So my question is, does such a feature exist or not.

     

    We are using Symantec Endpoint Protection 12.1 RU1 Enterprise.

     

    best regards

    Malte



  • 2.  RE: Application Control exceptions by certificates: gotomeeting

    Broadcom Employee
    Posted Mar 15, 2012 12:44 PM

    check this article for centralized exception

    Creating Centralized Exception Policies in SEPM

    http://www.symantec.com/business/support/index?page=content&id=TECH104326   



  • 3.  RE: Application Control exceptions by certificates: gotomeeting

    Posted Mar 15, 2012 01:46 PM

    I don't think a risk exception will help with application and device control policies.



  • 4.  RE: Application Control exceptions by certificates: gotomeeting

    Posted Mar 15, 2012 01:50 PM

    As far as I know there's no way to use certificates in an application and device control policy. At least I couldn't find a way to configure it that way.



  • 5.  RE: Application Control exceptions by certificates: gotomeeting

    Posted Mar 16, 2012 05:40 AM

    Are there any plans about such a feature? I think this could be very helpfull.



  • 6.  RE: Application Control exceptions by certificates: gotomeeting

    Posted Mar 16, 2012 07:53 PM

     

    Hi,
     
    You can also consider following steps if you dont want to add each and every file for Exceptions manually.
     
    http://www.symantec.com/business/support/index?page=content&id=HOWTO54867
     
    To create exceptions from log events in Symantec Endpoint Protection Manager
     
        On the Monitors tab, click the Logs tab.
        In the Log type drop-down list, select the Risk log, SONAR log, or Application and Device Control log.
        Click View Log.
        Next to Time range, select the time interval to filter the log.
        Select the entry or entries for which you want to create an exception.
        Next to Action, select the type of exception that you want to create.
        The exception type that you select must be valid for the item or items that you selected.
        Click Apply.
        In the dialog box, remove any items that you do not want to include in the exception.
        For security risks, check Log when the security risk is detected if you want Symantec Endpoint Protection Small Business Edition to log the detection.
     
        Select all of the Exceptions policies that should use the exception.
     
        Click OK


  • 7.  RE: Application Control exceptions by certificates: gotomeeting

    Posted Apr 25, 2012 11:56 AM

     

        On the Monitors tab, click the Logs tab.
        In the Log type drop-down list, select the Risk log, SONAR log, or Application and Device Control log.
        Click View Log.
        Next to Time range, select the time interval to filter the log and gotomeeting for now.
        Select the entry or entries for which you want to create an exception.
        Next to Action, select the type of exception that you want to create.
        The exception type that you select must be valid for the item or items that you selected.
        Click Apply.