Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Need to white list several old legacy application using SEPM console ?

Created: 13 Nov 2012 • Updated: 14 Nov 2012 | 7 comments
This issue has been solved. See solution.

Hi,

Can anyone please share your suggestion where I can add application binary with certain name or even signature MD5 hash to be white listed in the SEP controlled workstation ?

Thanks

Comments 7 CommentsJump to latest comment

.Brian's picture

I assume you want to exclude these from all scans, correct?

You're best is to set an application to monitor in your exception policy like below:

 

Once it appears in the exception list you can than set the option to ignore.

You can even add by file name as seen below as well.

Check this KB article as it will also give you a better understanding:

http://www.symantec.com/business/support/index?pag...

You can also send in those apps to Symantec to get added to their internal whitelist

https://submit.symantec.com/whitelist/isv/

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
John Santana's picture

Thanks for the quick response Brian, what I'm after is that the White Listed so that the NTP doesn't block the old legacy application which is currently flagged as SID 20903 FTP Generic Command overflow

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

This the IPS feature so you cannot add this file to the AV exception. You would need to add the IP address of the machine that runs this software to exclde it from IPS or you can simply move this machine into its own group and apply a different IPS policy with just this signature disbaled.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

I have done that already Brian,

I have put the target server IP which is regarded as the "atacker" IP address to the white list.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

Did this fix it?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

Thanks for the help guys, somehow SYmantec stopped this application forever, I guess I have to uninstall SEP 12.1 RU1 MP1 manually one by one in the company.

The legacy behaviour is that it install the Explorer plugin so that the user can browse to the application server with their Windows Explorer to the Samba share.

ever since SEP is installed, this apps died and the only way user can do it is through the Filezilla.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.