Exclusion using file fingerprint
Updated: 02 Mar 2012 | 16 comments
This issue has been solved. See solution.
Hi,
How do you exclude files based on file fingerprint?
N.Ra
Comments
Not possible.
Hello,
Creating an Exception specifically with File fingerprint is not possible.
However, there are other exceptions which could be created with the help of a file fingerprint.
Check this Article for SEP 12.1:
Creating exceptions for Symantec Endpoint Protection
You can only do it with system lockdown or using an application control policy.
Hope this Helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Is it for system lockdown?
Check this link and let me know if it helps:
http://www.symantec.com/business/support/index?page=content&id=HOWTO55133
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
So this can be done only with the help of ADC?
These are servers and we have disabled PTP & NTP on these machines...... I was under the impression that we can somehow use CE policy for this.....
Check this link to create a file fingerprint list. You can use checksum.exe for the same:
http://www.symantec.com/business/support/index?page=content&id=HOWTO55451
Cheers!
Pete
Hi NRaj,
Can you tell us what exactly you are trying to achieve? Do you want to exclude a particular file from scanning?
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
These servers need to exclude a few processes from being scanned. Since we have PTP & NTP disabled on servers, there is no point in excluding processes, as processes (truscan) are a part of PTP, which is disabled. So instead of the processes, we are trying to exclude the files using the file path.
But because of the huge number of servers, and the different locations where these applications are installed, the total number of exclusions came to 22,000. There are only 94 processes, but when the locations are considered, the number increases. So we thought we could exclude them using the file fingerprint exclusion option, which I am not familiar with. If you can suggest a different option, it would be great. Thanks.
Where did you see file fingerprint under exception?
The above articles were related to system lockdown, not to exceptions from scanning.
Cheers!
Pete
I did not see fingerprint under exception. I was asking how to exclude files using their hash value, if it is under ADC. I do not wanna do a system lockdown. I have also explained my situation, if you see an alternative, lemme know.
ADC is used for application and device control; it has nothing to do with scan exceptions.
Cheers!
Pete
You can exclude the application scan exception. Hope that might help.
Cheers!
Pete
App scan is only available in 12. We are running 11.07 (no upgrade in near future). I perfectly understand that ADC is for appln & device exclusion & not for scan. If the process in question is an application and if that can be excluded using the file's fingerprint, won't that help?
Is it possible to do an exception based on hash value?
Ahh!! There is no way to put the exception using exception as far as I know. You can put it under IDEA.
Cheers!
Pete
Hmm..... Okay. But what is IDEA? You mean the enhancement request?
yes :-)
Cheers!
Pete
My issue does not seem to have a solution apart from the workarounds mentioned here.... Thank you all for your time.
Hi NRaj
File fingerprint or hash value based exceptions are not supported in the Centralized Exception policy. Since you are using SEPM ver 11.0.7, even application based exceptions are not supported. As PTP is not installed, the ADC option is also ruled out. So if you are not planning to upgrade, then the only way is to exclude as a file in the CE policy. I know it's really difficult to configure 22K exceptions. If possible, check once again and remove the unwanted exceptions, then configure it.