Am I able to whitelist applications according to their 1) Hash 2) Executable absolute path 3) Parent folder 4) Digital Signature?
See this
What is SYSTEM LOCKDOWN ? What Stages do I Implement SYSTEM LOCKDOWN in Symantec Endpoint Protection (SEP) ?
https://www-secure.symantec.com/connect/articles/what-system-lockdown-what-stages-do-i-implement-system-lockdown-symantec-endpoint-protectio
Does Symantec offer any endpoint comparison services?
see below thread
https://www-secure.symantec.com/connect/forums/discussion-about-sep-12-and-other-av