Endpoint Protection

  • 1.  SEP - Automatically updating whitelist

    Posted Mar 04, 2015 09:42 PM

    Hi,

    Using Symantec Endpoint Manager, I am trying to allow automatic updates to the whitelist.

    Could someone please explain this process to me? 


    Thanks, 

    Kimberley



  • 2.  RE: SEP - Automatically updating whitelist



  • 3.  RE: SEP - Automatically updating whitelist

    Posted Mar 04, 2015 09:59 PM

    Hi, 

    I understand you can automate the upload of fingerprint file hashes to SEP, but can you automate the new application file hashes to the fingerprint list? Hashes from certified developers? 

    I guess my main question here is, does Symantec Endpoint Protection have systems for identifying and installing applications by some kind of digital signature? 

    Thanks again, 

    Kimberley



  • 4.  RE: SEP - Automatically updating whitelist

    Posted Mar 04, 2015 10:03 PM

    Yes but these are two different components you're speaking of.

    The Proactive Threat Protection component uses heuristics to detect malware; one of the criteria is digital signatures.

    System lockdown is separate in that you add a list of file hashes to be allowed to run on the system. Digital signatures wouldn't come into play here.

    If you need to update hashes, you still have to run a checksum against those apps that have changed.



  • 5.  RE: SEP - Automatically updating whitelist

    Posted Mar 04, 2015 10:12 PM

    So basically you can't automate patches easily if you are using a whitelist. 

    Whenever an application updates, you have to manually update the list to allow it to install. 

    Sounds like a headache :\



  • 6.  RE: SEP - Automatically updating whitelist

    Posted Mar 04, 2015 10:18 PM

    For patches/updates you can if you whitelist directories instead of application names/hashes... With system lockdown you can whitelist both ways if you choose.

    For example:

    C:\Program Files\* would allow any application to run in the Program Files directory

    C:\Program Files\*\* would allow any application to run in the Program Files directory and subdirectories

    Any time the hash changes, yes you would need to update the list.

    You could whitelist just by name as well although this is less secure. Using the hash value is the safest but requires more time and resources.
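
The thread's point that a hash-based list must be refreshed whenever a binary changes can be checked before a patch is rolled out. The following is an added example, not part of the original thread and not a Symantec tool: it hashes executables under a directory and reports which entries of an approved list changed, appeared or disappeared. SHA-256, the file extensions and all function names are assumptions; the list format a given management console imports may differ.

```python
import hashlib
import os
import tempfile

EXTS = (".exe", ".dll")  # assumption: file types worth fingerprinting

def fingerprint(root):
    """Return {relative_path: sha256_hex} for executables under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTS):
                continue
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[os.path.relpath(full, root)] = digest.hexdigest()
    return result

def diff(approved, current):
    """Compare an approved hash list with the current state on disk."""
    changed = sorted(p for p in current
                     if p in approved and current[p] != approved[p])
    added = sorted(p for p in current if p not in approved)
    removed = sorted(p for p in approved if p not in current)
    return {"changed": changed, "added": added, "removed": removed}

def demo():
    """Constructed sample: an application directory before and after a patch."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.exe", b"version 1")
        write("helper.dll", b"unchanged")
        write("readme.txt", b"ignored")       # not an executable, skipped
        approved = fingerprint(root)          # list taken before patching
        write("app.exe", b"version 2")        # binary replaced by the patch
        write("updater.exe", b"new file")     # binary added by the patch
        return approved, diff(approved, fingerprint(root))

if __name__ == "__main__":
    _approved, delta = demo()
    for kind, paths in delta.items():
        print(kind, paths)
```

Run against a patched reference machine, the "changed" and "added" entries are the hashes a hash-based allow list would block until the list is updated; a directory rule such as `C:\Program Files\*` would allow them without any such review.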