Thanks for your replies,
@ManishS -: I have implemented system lockdown as per the Symantec methods, so your post, whilst informative, does not really help me.
@pete_4u2002 -: I did a scan of our baseline computer and gathered all the executable names into a text file, imported this text file into the system lockdown policy, and enabled test mode. I keep getting multiple instances of executable names showing as unapproved, even though their name has been added as an approved application. I did the same thing with checksum, created a fingerprint list on our baseline server, imported it into system lockdown, and was still seeing some anomalies with certain files and executables showing in the log as unapproved applications, even though their checksum was in the list. I am confused.
Is the file fingerprint for, for example, C:\Windows\System32\cscript.exe on Server1 the same as C:\Windows\System32\cscript.exe on Server2? I would assume that they are.
By using an executable name, is it safe to assume that all components associated with the exe automatically become approved, i.e. DLLs etc.?
Thanks for your replies.