Endpoint Protection

 View Only

  • 1.  Configuring Symantec Endpoint Protection according to hash, file path, parent folder and digital signature

    Posted Feb 24, 2015 11:40 PM

    Hi, 

     

    I am trying to figure out the ways to configure application whitelists using Symantec Endpoint Protection (I haven't purchased the product yet).


    Am I able to whitelist applications according to their 1) Hash 2) Executable absolute path 3) Parent folder 4) Digital Signature?

     

     

    I have another question which is much less important  - does Symantec offer any endpoint comparison services?

     

    Thankyou - 

    Kimberley

     



  • 2.  RE: Configuring Symantec Endpoint Protection according to hash, file path, parent folder and digital signature

    Posted Feb 25, 2015 12:02 AM

    Am I able to whitelist applications according to their 1) Hash 2) Executable absolute path 3) Parent folder 4) Digital Signature?

    See this

    What is SYSTEM LOCKDOWN ? What Stages do I Implement SYSTEM LOCKDOWN in Symantec Endpoint Protection (SEP) ?

    https://www-secure.symantec.com/connect/articles/what-system-lockdown-what-stages-do-i-implement-system-lockdown-symantec-endpoint-protectio

     

    Does Symantec offer any endpoint comparison services?

    see below thread

    https://www-secure.symantec.com/connect/forums/discussion-about-sep-12-and-other-av



  • 3.  RE: Configuring Symantec Endpoint Protection according to hash, file path, parent folder and digital signature

    Posted Feb 25, 2015 01:46 AM

    That was really helpful thankyou, 

     

     

    It doesn't really state whether you can whitelist applications according to their HASH. I'm not comfortable with simply adding an application to the fingerprint list based on it's file location. 

    Do you know whether you can add applications to the file fingerprint list based on their HASH?

     

    Thanks,

     

    Kimberley

     

     



  • 4.  RE: Configuring Symantec Endpoint Protection according to hash, file path, parent folder and digital signature

    Posted Feb 25, 2015 02:11 AM

    See this

    How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

    http://www.symantec.com/business/support/index?page=content&id=tech97618

    see this thread

    https://www-secure.symantec.com/connect/forums/exclusion-using-file-fingerprint



  • 5.  RE: Configuring Symantec Endpoint Protection according to hash, file path, parent folder and digital signature
    Best Answer

    Posted Feb 25, 2015 08:04 AM

    Yes you can whitelist via the hash...in fact you can do all you mentioned except digital signatures.

    SEP does offer whitelisting capabilities but it doesn't do true whitelisting.

    Setting up and testing the system lockdown configuration before you enable system lockdown

    Configuring system lockdown

     



  • 6.  RE: Configuring Symantec Endpoint Protection according to hash, file path, parent folder and digital signature

    Posted Feb 25, 2015 06:21 PM

    Hi Brian,

    What is the difference between whitelisting and true whitelisting? What do you mean by that?

     

    Thanks,

    Kimberley



  • 7.  RE: Configuring Symantec Endpoint Protection according to hash, file path, parent folder and digital signature

    Posted Feb 25, 2015 07:34 PM

    SEP offers whitelisting capability but a true whitelisting product would be something like what Bit9 offers. It would have a full management console dedicated just for that feature with multiple options. SEPs works nicely if you have the time and resources to set it up but if you're looking to move to whitelisting you'd want a product dedicated for it.



  • 8.  RE: Configuring Symantec Endpoint Protection according to hash, file path, parent folder and digital signature

    Posted Feb 25, 2015 11:18 PM

    I connected Symantec and said there was a Managemnet console that did allow you to manage whitelists?



  • 9.  RE: Configuring Symantec Endpoint Protection according to hash, file path, parent folder and digital signature

    Posted Feb 26, 2015 06:13 AM

    Yes, the SEPM does allow it. For what you need to do the SEPM is fine