Endpoint Protection

Hello Folks,

a customer wants to block several executables in his environment with SEP 12.1 RU1.

If he creates an application control policy with the exe filename it works just fine. If he uses MD5 or SHA1 hash and tries to block it via fingerprint, it does not work. When reviewing the application control reports, the block with exe name gets logged, block with fingerprint does not.

We tested on Windows 7 and Windows XP - also tried several executables (itunes.exe, chrome.exe)

Anyone had/has the same problem?

We tested and configured the policy as it is described here:

Testing application control rule sets
http://www.symantec.com/docs/HOWTO55152

Creating a file fingerprint list
http://www.symantec.com/docs/HOWTO55451

How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage
http://www.symantec.com/docs/TECH97618

is the application running on system has the same MD5 value ?

Hello,

Check this Article:

Block Software By Fingerprint

https://www-secure.symantec.com/connect/articles/block-software-fingerprint

How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

http://www.symantec.com/docs/TECH97618

Thanks for your reply. Your first mentioned article is a little bit different then the one we tried already. It works now.

Block Software By Fingerprint

https://www-secure.symantec.com/connect/articles/block-software-fingerprint