Video Screencast Help

SEP queries

Created: 20 Jun 2012 | 5 comments
Atif's picture

Our client has below mentioned queries regarding SEP deployment.

If client plant to use application whitelisting (allowing specific applications and blocking all the rest), how they can manage below points.

1. MS-updates, patches, service packs... Do we have to manually add every single patch, update and service pack in whitelist everytime or there is some better way to manage such operation? In client scenario, MS udpates, patches and service packs are usually pushed via SCCM server.

2. Hardware drivers.. Similarly client has several different hardware brands in their network with several models. Do they have to manually add/allow each single driver in whitelist or is there some better way for managing this.

Regards,

Atif

Comments 5 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Why Whitelist an Application which is Clean and have a Good File Reputation?

Check these Articles on how Symantec decides the Reputation of Files.

How Symantec Endpoint Protection uses reputation data to make decisions about files

http://www.symantec.com/docs/HOWTO55275

How does Insight Lookup work?

http://www.symantec.com/docs/TECH169282

STAR

http://www.symantec.com/theme.jsp?themeid=star

It seems, a OLD Thread has been created by you on this similar Question - 

https://www-secure.symantec.com/connect/forums/sep-application-whitelisting

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Alex_CST's picture

It might be because they need/want to very tightly control what is installed/rolled out in their network.

I know you can wildcard devices by their GUID as a section of that denotes the manufacturer - do applications have the same thing whereby it shows the publisher?

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

greg12's picture

Indeed, after you have created and applied a whitelist for all approved applications (System Lockdown feature), you have to add every additional application/program to the System Lockdown approving list.

For every type of hardware you could create a special image and whitelist. Then merge these whitelists in SEPM.

As System Lockdown may be a bit dangerous (if your whitelist doesn't span all necessary applications, the client may freeze) and cumbersome to maintain, I would only use it in very special cases. Clients that will be patched daily aren't candidates for it.

John Santana's picture

Hi,

where can I find the location to put application whitelisting in SEPM console ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Simpson Homer's picture

Process for white listing:-

 

 

Software developer would like to add his/her software to the Symantec White-List.

 

 

Problem

Software developer would like to add his/her software to the Symantec White-List.

Solution

For software developers, authors, and Independent Software Vendors (ISVs), the Symantec Software White-List program offers an opportunity to have their software added to a white-list of known good software maintained by Symantec to reduce the possibility of false positives.  Please note that Symantec offers this service to reduce false positives, but cannot guarantee that false positives will not occur.  Decisions made by Symantec are also subject to change depending on a variety of factors that include but are not limited to alterations in the software, distribution of the software, or vulnerabilities in the software to misuse by the publisher or others. Symantec may also change its classification criteria and policies over time to address the constantly evolving security landscape.  To submit software to participate in this program, please submit the candidate software to Symantec using the Software White-Listing Request form.

Software White-Listing Request Form:
https://submit.symantec.com/whitelist/

 Note: If an application for white-listing is approved it can take a number of weeks for the software in question to be white-listed.  The applicant will be notified after the white-listing process for that software is completed.  The applicant will be notified if the application is not approved.

 

Legacy ID

2010050416291148


Article URL http://www.symantec.com/docs/TECH132220


 

https://submit.symantec.com/whitelist/isv/