Endpoint Protection

  • 1.  blocking of software by fingerprint

    Posted Sep 26, 2011 01:57 AM

    Hi,

    While blocking software using the file fingerprint option, how do we block the same software with different versions? For example, WinZip has many versions with different fingerprint values. What to do?



  • 2.  RE: blocking of software by fingerprint

    Broadcom Employee
    Posted Sep 26, 2011 02:20 AM

    You can specify the .exe to be blocked instead of using the checksum value of the application.

    For example, block winzip.exe from executing.

    Best practices for Application and Device Control policy.

    http://www.symantec.com/business/support/index?page=content&id=TECH145973



  • 3.  RE: blocking of software by fingerprint

    Posted Sep 26, 2011 04:20 AM

    When we do it like that, my users rename the file and use it. Only the fingerprint blocks the application exactly, even if it is renamed.



  • 4.  RE: blocking of software by fingerprint

    Broadcom Employee
    Posted Sep 26, 2011 04:27 AM

    These are the two ways of stopping an application from executing. If the end users rename the file, then the best way is to use the checksum and include all the versions.

    Also, if it's possible, you may stop end users from tampering with files using an Application and Device Control policy, in case you do not want to use the checksum/fingerprint.



  • 5.  RE: blocking of software by fingerprint

    Posted Sep 26, 2011 01:47 PM

    A very easy way to do this is to enable log learned applications. This will log every .exe that runs on a system and report it back to SEPM with fingerprint information, version, path, etc. Think of this as an application inventory.

    Then you can run a query for the application and export it to Excel. Copy and paste the file fingerprint to your app and device policy.

    If you want to block applications with the firewall it's even easier. You can run a search for an application using the firewall rule creator wizard. It will bring back the same info as above and then you select all of the different versions to add to your firewall policy. Of course this is really only helping to block applications from communicating over the network.
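
The export-and-copy step described in post 5, as an added example that is not part of the original thread and is not Symantec code: it collects every distinct fingerprint logged for one application and shows that a renamed copy is still covered by the fingerprint list. The CSV column names, paths and fingerprint values are constructed for illustration and are not SEPM's actual export format.

```python
import csv
import io

# Constructed sample of a learned-applications export. Column names and
# fingerprint values are invented placeholders, not real SEPM output.
SAMPLE_EXPORT = """\
app_name,version,path,fingerprint
winzip.exe,14.0,C:\\Program Files\\WinZip\\winzip.exe,aaaa1111aaaa1111aaaa1111aaaa1111
winzip.exe,15.5,C:\\Program Files\\WinZip\\winzip.exe,bbbb2222bbbb2222bbbb2222bbbb2222
notes.exe,15.5,C:\\Users\\bob\\notes.exe,bbbb2222bbbb2222bbbb2222bbbb2222
winzip.exe,15.5,C:\\Program Files\\WinZip\\winzip.exe,BBBB2222BBBB2222BBBB2222BBBB2222
calc.exe,6.1,C:\\Windows\\System32\\calc.exe,cccc3333cccc3333cccc3333cccc3333
"""


def load_rows(text):
    """Parse the export and normalise fingerprints so duplicates collapse."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["fingerprint"] = row["fingerprint"].strip().lower()
    return rows


def build_blocklist(rows, target_name):
    """Map each distinct fingerprint logged for target_name to its versions."""
    blocklist = {}
    for row in rows:
        if row["app_name"].lower() == target_name.lower():
            blocklist.setdefault(row["fingerprint"], set()).add(row["version"])
    return blocklist


def renamed_copies(rows, blocklist, target_name):
    """Rows whose fingerprint is listed but whose file name was changed.

    A name-based rule misses these; the fingerprint list still matches them.
    """
    return [
        row for row in rows
        if row["fingerprint"] in blocklist
        and row["app_name"].lower() != target_name.lower()
    ]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    blocklist = build_blocklist(rows, "winzip.exe")
    for fingerprint, versions in sorted(blocklist.items()):
        print(fingerprint, ",".join(sorted(versions)))
    for row in renamed_copies(rows, blocklist, "winzip.exe"):
        print("renamed copy still matched:", row["path"])
```

Only versions that have already run somewhere and been logged end up in the list, so it has to be regenerated as new versions appear.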



  • 6.  RE: blocking of software by fingerprint

    Posted Sep 27, 2011 02:38 AM

    So that means we can check from the firewall also. How do we do this? Are there any help documents?



  • 7.  RE: blocking of software by fingerprint

    Posted Sep 27, 2011 02:40 AM

    So there is no other way to block the application with different versions? By doing it like that, my blocking list gets increased?



  • 8.  RE: blocking of software by fingerprint

    Broadcom Employee
    Posted Sep 27, 2011 02:56 AM

    This will only help with communicating on the network.