Endpoint Protection

Hi,
 

I am looking at using Symantec's fingerprint list as a method of application whitelisting. 

Does Symantec have a library of trusted files? I was hoping to be able to compare my file's hash to something before I allow it to be installed, run and executed. 

Thanks,

Kimberley

You need to run a checksum against all files on your system (golden image). Otherwise they are considered untrusted. Everything would be untrusted by default.

If you have implemented a fingerlist and you want to allow a new application to be installed from the internet, how do you know what the application's file binaries will be so you can hash it approrpriately and place it on the list? 

It would show up in the list of blocked applications with a fingerprint. You could then add that fingerprint as an exception.

Or you could download the application and run a checksum against it first, add the hash as an exception.

Dear Kimberley,

I agree with you that when whitelistening an application you must be sure that application is good.

If you are creating a golden image or deploying a new software, you should install only applications coming from trusted sources, most of the software houses do also share the MD5 of their binaries to allow IT administrators verifying their authenticity; you should not need to seek for second hand pieces of information from others but the author of the software you use in your company.