Video Screencast Help

learn applications

Created: 18 Oct 2012 • Updated: 21 Oct 2012 | 7 comments
This issue has been solved. See solution.

What is the function of learn applications in the Symantec Endpoint Protection?

Comments 7 CommentsJump to latest comment

consoleadmin's picture

The purpose of application learning is to 'record' all applications executed on computers, so that you can then easily create Centralized Exceptions or other application-based policy (Application and Device Control, Firewall, etc.).

Be aware however this may have significant impact on database and SEPM console performances on huge environement

Some link for you knowledge

http://www.symantec.com/business/support/index?page=content&id=HOWTO55218

https://www-secure.symantec.com/connect/articles/what-do-p2p-applications-do-and-how-block-peer-peer-applications-p2p-using-symantec-endpoin

You can check this forums.

https://www-secure.symantec.com/connect/forums/bittorrent-block-using-application-and-device-control

Thanks.

consoleadmin's picture

https://www-secure.symantec.com/connect/forums/what-purpose-learn-applications-run-client-computers

You can search for an application in the following ways:

■ By application.

You can limit the search to specific applications or application details such as its name, file fingerprint, path, size, version, or last modified time.

■ By client or client computer.

You can search for the applications that either a specific user runs or a specific computer runs. For example, you can search on the computer’s IP address.

To search for information about the applications that the computers run
1 In the console, click Policies.
2 On the Policies page, under Tasks, click Search for Applications.
3 In the Search for Applications dialog box, to the right of the Search for  applications in field, click Browse.
4 In the SelectGrouporLocation dialog box, select a group of clients for which you want to view the applications, and then click OK.
You can specify only one group at a time.
5 Make sure that Search subgroups is checked.
6 Do one of the following actions:
■ To search by user or computer information, click Based onclient/computer information.
■ To search by application, click Based on applications

7 Click the empty cell under Search Field, and then select the search criterion

from the list.

The Search Field cell displays the criteria for the option that you selected.

For details about these criteria, click Help.

8 Click the empty cell under Comparison Operator, and then select one of the

operators.

9 Click the empty cell under Value, and then select or type a value.

The Value cell may provide a format or a value from the drop-down list,

depending on the criterion you selected in the Search Field cell.

10 To add an additional search criterion, click the second row, and then enter

information in the Search Field, Comparison Operator, and Value cells.

If you enter more than one row of search criteria, the query tries to match

all conditions.

11 Click Search.

12 In the Query Results table, do any of the following tasks:

■ Click the scroll arrows to view additional rows and columns.

■ Click Previous and Next to see additional screens of information.

■ Select a row, and then click View Details to see additional information about the application.

The results are not saved unless you export them to a file.

13 To remove the query results, click Clear All.

14 Click Close.

Thanks.

Ashish-Sharma's picture

Application Learning

The Windows Symantec Endpoint Protection client monitors and collects information about the applications and the services that run on each computer. You can configure the client to collect the information in a list and send the list to the management server. The list of applications and their characteristics is called learned applications.

You can use this information to find out what applications your users run. You can also use the information when you need information about applications in the following areas:

Monitoring applications and services that run on client computers

http://www.symantec.com/docs/HOWTO55218

Best Practices Guide to Application Learning in Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH134367

How to verify the status of Application Learning for Groups and Locations

http://www.symantec.com/business/support/index?page=content&id=TECH161484

Learn applications that run on the client computers"

Configuring the management server to collect information about the applications that the client computers run

http://www.symantec.com/business/support/index?page=content&id=HOWTO55219

Check this thread:

What is the purpose of Learn the applications that run on the client computers ?

http://www.symantec.com/connect/forums/what-purpose-learn-applications-run-client-computers

https://www-secure.symantec.com/connect/forums/learned-applications-symantec-endpoint-protection-manager

Thanks In Advance

Ashish Sharma

 

 

SOLUTION
Chetan Savade's picture

Hi,

You should learn both the concepts i.e.. Application learning & System lockdown

Application Learning

The Windows Symantec Endpoint Protection client monitors and collects information about the applications and the services that run on each computer. You can configure the client to collect the information in a list and send the list to the management server. The list of applications and their characteristics is called learned applications.

You can use this information to find out what applications your users run. You can also use the information when you need information about applications in the following areas:

Monitoring applications and services that run on client computers

http://www.symantec.com/docs/HOWTO55218

System Lockdown:

Setting up system lockdown

http://www.symantec.com/docs/HOWTO27320

Check this article for more reference:

https://www-secure.symantec.com/connect/forums/sep...

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<