Endpoint Protection

Hi,

How do you exclude files based on file finger-print?

N.Ra

Hello,

Creating an Exception specifically with File fingerprint is not possible.

However, there are other exceptions, which could be created with help of File fingerprint

Check this Article for SEP 12.1:

Creating exceptions for Symantec Endpoint Protection

You can only do it with system lockdown or using an application control policy.

Hope this Helps!!

is it for system lockdown?

check this link and let know if it helps

http://www.symantec.com/business/support/index?page=content&id=HOWTO55133

So this can be done only with the help of ADC?

These are servers and we have disabled PTP & NTP on these machines...... I was under the impression that we can somehow use CE policy for this.....

check this link to create a file fingerprint list. You can use the checksum.exe for the same

http://www.symantec.com/business/support/index?page=content&id=HOWTO55451

Hi NRaj,

Can you tell us what exactly you are trying to achieve? Do you want to exclude a particular file from scanning?

where did you see file fingerprint undr exception?

the above articles were related to system lockdown not for exception from scan.

I did not see fingerprint under exception. I was asking how to exclude files using their hash value, if it is under ADC. I do not wanna do a system lockdown. I have also explained my situation, if you see an alternative, lemme know.

ADC is used application and device control, it has nothing to do with scan exception.

you can exclude the application scan exception.Hope that might help.

App scan is only available in 12. We are running 11.07 (no upgrade in near future). I perfectly understand that ADc is for appln & device exclusion & not for scan. If the process in question is an application and if that can be excluded using the file's finger print, won't that help?

Is it possible to do an exception based on hash value?

ahh!! there is no way to put the exception using exception as far i know. you can put under IDEA.

Hmm..... Okay. But what is IDEA? you mean the enchancement request?

yes :-)

My issue does not seem to have a solution apart from the workarounds mentioned here....Thank you all for your time. 

These servers need to exclude few processes from being scanned. Since we have PTP & NTP disabled on servers, there is no point in excluding processes as processes (truscan) are a part of PTP which is disabled. So instead of the processes, we are trying to exclude the files using the file path.

But because of the huge number of servers, and the different locations where these applications are installed, the total number of exclusions came to 22,000. There are only 94 processes, but when the locations are considered, its number increases. So we thought we can exclude them using the file fingerprint exclusion option which i am not familiar with. If you can suggest a different option, it would be great. Thanks.

File fingerprint or hash value based exceptions are not supported in Centralised Exception policy. Since you are using SEPM ver 11.0.7 even application based exceptions are not supported. As PTP is not installed the ADC option also ruled out. So if you are not planning to upgrade then the only way is to exclude as a file in the CE policy. I know it's really difficult to configure 22K exceptions. If possible check once again and remove the unwanted exceptions then configure it.