System lockdown and fingerprint list

Created: 04 Oct 2012 • Updated: 05 Oct 2012 | 4 comments
ThaveshinP's picture
This issue has been solved. See solution.

Is there documentation on using the VDI tool when trying to do a system lockdown? Have a base image that needs to be used.

Is there documentation on completing a fingerprint list and configuring a system lockdown using base image?

Mithun Sanghavi's picture

Hello,

Symantec Endpoint Protection 12.1 comes with a tool, "Virtual Image Exception".

The tool is located on the SEP 12.1 Tools DVD under \Tools\Virtual Image exception.

You need to download it from https://fileconnect.symantec.com. You would require a serial number for the same.

Please see the following article for more information on use of the VIEtool:

http://www.symantec.com/business/support/resources/sites/BUSINESS/content/staging/DOCUMENTATION/4000/DOC4335/en_US/2.0/sep_virtual_image_exception.pdf

Using the Virtual Image Exception tool on a base image

http://www.symantec.com/docs/HOWTO55325

Symantec Endpoint Protection 12.1 & Virtualization

http://www.symantec.com/docs/TECH194383

Here are a few articles which may assist you:

Symantec Endpoint Protection 12.1 - Virtualization Best Practices

http://www.symantec.com/docs/TECH173650

Symantec Endpoint Protection 12.1 - Non-persistent Virtualization Best Practices

http://www.symantec.com/docs/TECH180229

How to prepare a Symantec Endpoint Protection 12.1 client for cloning (image)

http://www.symantec.com/business/support/index?page=content&id=HOWTO54706

How to repair duplicate IDs on cloned Symantec Endpoint Protection 12.1

http://www.symantec.com/docs/TECH163349 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

greg12's picture

Do you mean VIE tool?

System lockdown and Virtual Image Exception (VIE) don't have much in common. System lockdown uses a whitelist (fingerprint list) to allow only clean applications to run on the clients, while the vietool marks clean files so that they don't need to be scanned by SEP.

Both techniques are applied to clean images. System lockdown uses the checksum.exe tool to get the fingerprint list, while VIE uses vietool.exe to mark the clean files. 

If you install a new application on a client running System Lockdown, it's impossible to start the application (because it's not in the whitelist). If you do the same with a client that was prepared with VIE, the application will run -- and will be scanned by Auto-Protect or by scheduled scans because it's not marked.

Is there documentation on completing a fingerprint list and configuring a system lockdown using base image?

Yes, see Implementation Guide for SEP 12.1, chapter 20, starting with page 452. VIE and vietool are explained in a separate PDF file in the folder Mithun mentioned.

If you want to use VIE and System Lockdown at the same time, I would keep the following order:

  1. Run a full scan on the base image, check for malware.
  2. Empty quarantine (if needed)
  3. Run checksum.exe for creation of fingerprint list
  4. Run vietool (that should always be the last step!)

BTW, System Lockdown is difficult to maintain because you have to add every new application (e.g., patches of Windows, Office, browsers etc.) to a special approval list. If you make a mistake (i.e., your fingerprint list does not cover all necessary applications), your client may freeze.
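
The maintenance problem described in the post above (a fingerprint list that no longer covers every application on the client) can be checked before lockdown is enabled. The following is an added example, not part of the original thread and not Symantec code: it assumes the fingerprint list holds one `<MD5 hash> <full path>` entry per line, and the function names and the extension set are hypothetical choices for illustration.

```python
import hashlib
import os
import sys

# Assumption: file types treated as "applications" for the coverage check.
EXEC_EXTS = {".exe", ".dll", ".sys", ".com", ".ocx"}

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_fingerprints(list_path):
    """Return the set of lowercase hashes found in the fingerprint list."""
    hashes = set()
    with open(list_path, encoding="utf-8", errors="replace") as f:
        for line in f:
            parts = line.strip().split(None, 1)
            if not parts or len(parts[0]) != 32:
                continue  # blank line, header, or malformed entry
            try:
                int(parts[0], 16)
            except ValueError:
                continue
            hashes.add(parts[0].lower())
    return hashes

def uncovered(root, fingerprints):
    """Return sorted paths of executables under root whose hash is not listed.

    A patched binary keeps its path but changes its hash, so it is reported too.
    """
    missing = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                if md5_of(path) not in fingerprints:
                    missing.append(path)
            except OSError:
                missing.append(path)  # unreadable file: treat as unverified
    return sorted(missing)

if __name__ == "__main__" and len(sys.argv) == 3:
    for p in uncovered(sys.argv[2], load_fingerprints(sys.argv[1])):
        print("NOT IN FINGERPRINT LIST:", p)
```

Run it as `script.py <fingerprint list> <directory>` against the base image after patching; any path it prints needs a regenerated fingerprint list before the client is locked down.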

SOLUTION
W007's picture

Configuring SEP 12.1 in Virtual Environments

https://www-secure.symantec.com/connect/blogs/configuring-sep-121-virtual-environments

Symantec Endpoint Protection 12.1 - Virtualization Best Practices

http://www.symantec.com/business/support/index?page=content&id=TECH173650

About the Symantec Virtual Image Exception tool

http://www.symantec.com/business/support/index?page=content&id=TECH172218

Symantec Endpoint Protection 12.1 & Virtualization

http://www.symantec.com/business/support/index?page=content&id=TECH194383

Check this forum

https://www-secure.symantec.com/connect/forums/sep-121-mp1-clientsidecloneprep-tool-virtual-exception-tool
