Endpoint Protection

I'm looking for a way to add a list of about 115 MD5 hashes to approximately 7 Application and Device Control policies.  If I can import a list or copy and paste all of them at once that would preferable.  At the moment adding them one at a time will take me forever.  Especially with the sluggish performance within my SEPM.

Can a multiple MD5 hashes be added at once?

I don't believe this is possible to do thru the SEPM console.

Is there any way to do this on the backend?  Like manually update the files that contain the policies? 

Also this may be all for not since I've been reading some stuff that says Application and Device Control is not applied to 64bit machines.  I am currently running SEPM 12.1 RU2 and my clients are SEP 11 RU6 MP2.  Would this be the case?

There might be some way with an update statement but I doubt it is supported or recommended. Symantec would be able to help though if so.

ADC is not compatible on 64bit OS with SEP 11.x

It is compatible with 64bit though if you use SEP 12.1

So just to be clear I would need SEP 12.1 installed on the clients before I can utilize the ADC on 64bit OS?

One other question that just came to mind is related to the functionality of applying MD5 hashes through the ADC policy.  So lets say I do get on the right version of SEP (SEP 12.1) and I do get the MD5's applied to the ADC policy.  If I run a scheduled scan on the machines in question will they trigger these MD5 hashes?  I guess I'm wondering what criteria will cause these ADC policies to be triggered upon? 

I'd love to be able to update my ADC policy get it applied to the machines and then have them report machines with the found MD5 hash on them just by running a simple scheduled scan.  Is this possible?

Yes

The scan piece is separate and wouldn not affect this. The only way to report on this is to have the rule trigger, which would than cause an entry in the log.

So I worked with a Symantec Security Engineer and he directed me to a link related to enabling the Application Blacklist.  This actually looks like it will do the best job for what I'm requesting.  By using the Application Blacklist you can apply a Fingerprint List of MD5 hashes.  This will save time since I won't have to manually enter each MD5 hash into the Application and Device Control policy and it also works with 64bit OS!  The only drawback is there is still no way to realtime scan for these MD5 hashes but there was no option using the ADC policy either.

http://www.symantec.com/docs/HOWTO80848

Hi there !!

I saw your answer and it is really old thread ...

can you please help with SPEM 14.x as I want a way to add multiple hashes entries to my application  policy ?

I currently use the System Lockdown blacklist but I didn't know you could import into the ADC policy?

Well its not exactly importing into the ADC policy.  I would actually be utilizing the Application Blacklist in place of the ADC policy in this case.  Instead of putting MD5 hashes in the ADC policy I put the MD5 hashes into a Fingerprint List that I add to my Application Blacklist.