Endpoint Protection

  • 1.  System Lockdown after running checksum

    Posted Jul 18, 2013 04:16 AM

    Hello,

    I'm having a doubt regarding the System Lockdown functionality.

    I ran the checksum utility on a target machine, for both the C and D partitions.
    Then I merged the text files and imported them in Policies>File Fingerprint List, creating a new fingerprint list file. Everything worked fine.

    What I don't understand is why I continue to receive a lot of unapproved applications, even if I haven't added any new application.
    I can see these applications in Monitor>Logs>Application and Device Control and in Clients>Policies>System Lockdown>View Unapproved Applications.

    Since the customer request is to lock the machine to permit only approved applications collected with checksum from an image, how can I resolve this issue?

    Thanks in advance,
    Alex.



  • 2.  RE: System Lockdown after running checksum

    Broadcom Employee
    Posted Jul 18, 2013 04:29 AM

    You would have run it on one client; however, if the other clients are running other applications, you are bound to see this.



  • 3.  RE: System Lockdown after running checksum

    Posted Jul 18, 2013 04:37 AM

    Hi,

    thanks for answering.

    That's clear to me and the reason I was wondering what's wrong is because I have this behavior on a single machine.

    Am I missing something?

    Regards,

    Alex.



  • 4.  RE: System Lockdown after running checksum

    Posted Jul 18, 2013 07:02 AM

    The other likely issue is those processes are calling other processes which checksum does not capture. For instance, when Windows updates occur, many .TMP files can be created by the parent process.



  • 5.  RE: System Lockdown after running checksum

    Posted Jul 19, 2013 04:41 AM

    Thank you Brian,

    so, is there a way to avoid this behavior?

    Regards,

    Alex.



  • 6.  RE: System Lockdown after running checksum

    Posted Jul 19, 2013 09:45 AM

    Due to TMP files being dynamic, I'm afraid there is not much of an easier way aside from adding the necessary exception(s).
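
Added example, not written by any poster in this thread and not Symantec code: a Python script that compares logged unapproved applications against the merged checksum output and reports why each one was not approved (changed file, run-time .TMP file, or never fingerprinted). The `<md5> <full path>` line layout, the sample hashes and paths, and the function names are assumptions constructed for illustration.

```python
import ntpath

# Constructed sample of merged checksum output; the "<md5> <full path>"
# line layout is an assumption about the tool's text format.
FINGERPRINT_LIST = r"""
0bb018fad1b244b6020a40d7c4eb58b7 c:\windows\system32\notepad.exe
35162829f6bd7c8b1a2b6d1f4f2e9a10 c:\program files\app\app.exe
"""

# Constructed (md5, path) pairs standing in for logged unapproved applications.
UNAPPROVED = [
    ("9f3c1d7a2b4e5f60718293a4b5c6d7e8", r"C:\Program Files\App\app.exe"),
    ("aa11bb22cc33dd44ee55ff6677889900", r"C:\Windows\Temp\a1b2.tmp"),
    ("1234567890abcdef1234567890abcdef", r"D:\Tools\newtool.exe"),
    ("0bb018fad1b244b6020a40d7c4eb58b7", r"C:\Windows\notepad.exe"),
]

def load_fingerprints(text):
    """Return ({path: md5}, {md5, ...}) parsed from merged checksum output."""
    by_path, hashes = {}, set()
    for line in text.splitlines():
        parts = line.strip().split(None, 1)  # the path itself may contain spaces
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        md5, path = parts[0].lower(), parts[1].strip().lower()
        by_path[path] = md5
        hashes.add(md5)
    return by_path, hashes

def classify(md5, path, by_path, hashes):
    """Label one logged file by how it relates to the fingerprint list."""
    md5, path = md5.lower(), path.lower()
    if md5 in hashes:
        return "hash-in-list"         # content was fingerprinted; check list assignment
    if path in by_path:
        return "changed-since-scan"   # same path, new content (e.g. patched)
    if ntpath.splitext(path)[1] == ".tmp":
        return "dynamic-tmp"          # created at run time; candidate for an exception
    return "never-fingerprinted"      # not present when checksum was run

def triage(entries, fingerprint_text):
    """Map each logged path to its classification."""
    by_path, hashes = load_fingerprints(fingerprint_text)
    return {path: classify(md5, path, by_path, hashes) for md5, path in entries}

if __name__ == "__main__":
    for path, reason in triage(UNAPPROVED, FINGERPRINT_LIST).items():
        print(f"{reason:20} {path}")
```
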