Endpoint Protection

Hi,

I am currently whitelisting applications on desktops using the Symantec Endpoint Protection Manager. I take file hash of each application, add it to a fingerprint list and implement this list of hashes.

Is there a way I can easily allow patch updates for applications? At present, all automatic updates cannot be run because that would involve installing an application with a hash that has not been registered on the whitelist. 

Regards,

Kimberley

Best way to go is run system lockdown in test mode first for a couple of weeks. You can add exclusions for the Windows update directories. There will be a few different ones.

About authorizing the use of applications, patches, and utilities

Hi,

Could you please check the link to that site? It doesn't seem to load.

Thanks :)
Kimberley

Hi,

Could you please check the link to that site? It doesn't seem to load.

Thanks :)
Kimberley

Not sure what's going on, I can't get it to load now either.

But in any event, you'll want to let it run in log mode so you can collect any necessary exclusions and add them accordingly:

http://www.symantec.com/docs/HOWTO80850

The closest I could find was for allowing SEP updates which also need to be added

Symantec Endpoint Protection system lockdown blocks definitions updates

I think this might be what you are looking for. 

Automatically updating whitelists or blacklists for system lockdown

https://support.symantec.com/en_US/article.HOWTO81094.html