How to read the fingerprint list that is running on a SEP client PC

Created: 17 Nov 2011 | 4 comments

How to read the fingerprint list that is running on a SEP client PC.


Kevin Tam

I want to confirm a checksum in the list. Can anyone help me?

Ajit Jha

Managing file fingerprint lists

A file fingerprint list consists of a list of checksums, one for each application on a client computer. It includes the complete file paths of those applications. You can create a file fingerprint list from a software image that includes all the applications that you want to allow users to run. You can manage file fingerprint lists in Symantec Endpoint Protection Manager and use them in your system lockdown configuration.

Table: File fingerprint list management

| Task | Description |
| --- | --- |
| Get an approved software image | Create a software image that includes all of the applications you want users to be able to run on their computers. For example, your network might include Windows Vista 32-bit, Windows Vista 64-bit, and Windows XP SP2 clients. You can create a file fingerprint list for each client image. |
| Create a file fingerprint list | To create a file fingerprint list, you can use the Checksum.exe utility. The utility is installed along with Symantec Endpoint Protection on the client computer. You can run this command on each computer image in your environment to create a file fingerprint list for those images. Checksum.exe creates a text file that contains a list of all executables on that computer and their corresponding checksums. You can run the utility from the command prompt. The file Checksum.exe is located in the following location: C:\Program Files\Symantec\Symantec Endpoint Protection |
| Import the file fingerprint list into Symantec Endpoint Protection Manager | You can use Symantec Endpoint Protection Manager to import file fingerprint lists for each client computer type. You can merge the list into a master list. You can also add file fingerprints for the individual files that you want to approve. |
| Add the file fingerprint list to your system lockdown configuration | You can use file fingerprint lists in your system lockdown configuration. The file fingerprint lists indicate the approved applications in your network. |
| Update file fingerprint lists when you add or change the applications that run in your network | Over time you might change the allowed applications in your network. You can update your file fingerprint lists or remove lists as necessary. If you run system lockdown, make sure that system lockdown is disabled or running in test mode before you modify or delete any file fingerprint lists. You cannot directly edit a file fingerprint list. However, you can append a file fingerprint list to an existing list. You can also merge multiple file fingerprint lists that you already imported. |
| Delete file fingerprint lists only if you no longer use them | You can delete a file fingerprint list from Symantec Endpoint Protection Manager. However, you should not delete a file fingerprint list until you have tested your configuration. When you are sure that you no longer use the list, you can delete it from Symantec Endpoint Protection Manager. |

Regards,

Ajit Jha

Technical Consultant

ASC & STS

Ajit Jha

To create a file fingerprint list

  1. Go to the computer that contains the image for which you want to create a file fingerprint list. The computer must have Symantec Endpoint Protection client software installed.

  2. Open a command prompt window.

  3. Navigate to the directory that contains the file Checksum.exe. By default, this file is located in the following location:

    C:\Program Files\Symantec\Symantec Endpoint Protection

  4. Type the following command:

    checksum.exe outputfile drive

    where outputfile is the name of the text file that contains the checksums for all the executables that are located on the specified drive. The output file is a text file (outputfile.txt).

    The following is an example of the syntax you use:

    checksum.exe cdrive.txt c:\

    This command creates a file that is called cdrive.txt. It contains the checksums and file paths of all the executables and DLLs found on the C drive of the client computer on which it was run.

Regards,

Ajit Jha

Technical Consultant

ASC & STS
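
Looking up or confirming a checksum in the text file that checksum.exe writes, as an added example (not part of the original posts and not Symantec code). It assumes each line is a hex checksum followed by the full file path and infers MD5 or SHA-256 from the digest length; the function names, sample list and paths are constructed for illustration.

```python
import hashlib
import re

# Assumption: each line is "<hex checksum> <full path>"; the page does not show the format.
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{32}|[0-9A-Fa-f]{64})\s+(.+?)\s*$")
# Assumption: the algorithm is inferred from the digest length.
ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}

def parse_fingerprint_list(text):
    """Return ({lowercased path: checksum}, [lines that did not parse])."""
    entries, rejected = {}, []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if m:
            entries[m.group(2).lower()] = m.group(1).lower()
        else:
            rejected.append(raw)  # surface these instead of silently skipping
    return entries, rejected

def paths_for_checksum(entries, checksum):
    """All listed paths carrying the given checksum (case-insensitive)."""
    wanted = checksum.strip().lower()
    return sorted(p for p, c in entries.items() if c == wanted)

def confirm_file(entries, listed_path, data):
    """Hash the file bytes and compare with the list entry for listed_path."""
    expected = entries.get(listed_path.lower())
    if expected is None:
        return "not listed"
    actual = hashlib.new(ALGO_BY_HEX_LEN[len(expected)], data).hexdigest()
    return "match" if actual == expected else "mismatch"

# Constructed sample: stand-in file bytes and a three-line list, not real output.
SAMPLE_BYTES = b"constructed stand-in for an approved executable"
SAMPLE_LIST = (
    hashlib.new("md5", SAMPLE_BYTES).hexdigest() + " c:\\tools\\approved.exe\n"
    + "0" * 32 + " c:\\tools\\other.dll\n"
    + "not a fingerprint line\n"
)

if __name__ == "__main__":
    entries, rejected = parse_fingerprint_list(SAMPLE_LIST)
    print(confirm_file(entries, "C:\\Tools\\Approved.exe", SAMPLE_BYTES))
    print(confirm_file(entries, "c:\\tools\\approved.exe", b"modified bytes"))
    print(paths_for_checksum(entries, "0" * 32), rejected)
```

For a real list, read the output file into a string and the file under test as bytes before calling these functions, and check the output file's text encoding first.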