Video Screencast Help

SEPv11 - Importing Unapproved Application List into Fingerprint for System Lockdown

Created: 12 Mar 2010 • Updated: 21 May 2010 | 2 comments
This issue has been solved. See solution.

It appears that the View Unapproved Applications List in System Lockdown adds very little value since you cannot directly import this information into a new or existing file fingerprint. Is this by design?

I did the following steps to accomplish the import without the need to touch a remote system or run 3rd party tools like checksum.exe to obtain the new list of applications. A lot of the steps below can be automated with excel marcros, pearl scripts, and possibly SQL queries.

Adding unapproved applications to the file fingerprint list
1.       Enable Learn Applications that run on the client computers
2.       Follow the system lockdown recommended steps.
3.       Let everything run for a few days.
4.       View unapproved applications in System Lockdown.
5.       CTRL-A and copy all applications. Paste to Excel.
6.       Delete All columns except for Application.
7.       Search for Applications.
8.       Export the Query Results. Name the Export file with a .txt extension
9.       Go back to the excel spreadsheet with the unapproved applications data in column A and import the application search query export to column B. Use delimited data type.
10.    Delete all imported columns except for Name and File Fingerprint and column A which was the unapproved application list.
11.    (Optional) Step - Filter all columns and compare unnapproved application list column with the Name column. Delete cells that dont contain the same application name found in Column A and B. (Macro).
12.    Once a final list is filtered delete Column B leaving the Unapproved Application Column and File Fingerprint column.
13.    Save with a .txt extension. (Saving with a .csv or xls make work as well).
14.   Import and append to existing file fingerprint or create a new one.
15.   Let the SEP clients update the new policy.
16.  Reset the unapproved applications test and run it again.
17. Rinse and repeat.

Sure would be easier to have the option to right-click the unapproved list of applications and add it to a new file fingerprint or existing fingerprint.

Comments 2 CommentsJump to latest comment

Vikram Kumar-SAV to SEP's picture

 You can import them for your firewall rules.
and for App control

go to SEPM - Policies - Policy Components - File Finger Print list - Search for Application -Select Group - click Search
Select and Export the application finger print

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search use it.