Endpoint Protection

  • 1.  System lockdown function blocks all *.exe files on the clients.

    Posted Dec 15, 2015 12:47 AM

    Hello everyone.
    We use SEP V 12.1.6. The OS on the server is Win server 2012. We have 500 clients with WINXP SP3 Professional. System Lockdown does not work properly. First of all we make a fingerprint file, and after updating Symantec Live the md5 file of UMEngx86.dll is altered. After that the SLD function blocks all *.exe files on the clients.
    What are we doing wrong?



  • 2.  RE: System lockdown function blocks all *.exe files on the clients.

    Posted Dec 15, 2015 08:13 AM

    Hello everyone.
    We use SEP V 12.1.6. The OS on the server is Win server 2012. We have 500 clients with WINXP SP3 Professional. System Lockdown does not work properly. First of all we make a fingerprint file, and after updating Symantec Live the md5 file of UMEngx86.dll is altered. After that the SLD function blocks all *.exe files on the clients.
    What are we doing wrong?



  • 3.  RE: System lockdown function blocks all *.exe files on the clients.

    Posted Dec 15, 2015 08:36 PM

    Was UMEngx86.dll part of the fingerprint file?

    If everything is being blocked, it sounds like you enabled it without letting it run in log mode for some time. It's best you let it run in log-only mode to see what exceptions need to be made. If exceptions need to be made, they will need to be manually added.



  • 4.  RE: System lockdown function blocks all *.exe files on the clients.

    Trusted Advisor
    Posted Dec 16, 2015 09:39 AM

    Over how long a period did you run the fingerprint file? 

    Did you allow the machines having the fingerprint file to be used as per normal over a period of time? 

    If only a short period of time was used for the fingerprint file, then those files may not have launched in the time period, not allowing the file to capture them, so when you've put lockdown in enforcement mode it locks them down.

    Did you follow the system lockdown configuration?
    https://support.symantec.com/en_US/article.HOWTO80848.html
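
    Added example, not from any poster in this thread or from Symantec: a pre-enforcement check that compares a fingerprint list with the files currently on a client, reporting files whose MD5 changed after the list was made (the UMEngx86.dll case in post 1) and files the list never captured (the case in post 4). It assumes one `<md5> <full path>` entry per line in the fingerprint list; the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def md5_of(path):
    """MD5 of a file, read in chunks (MD5 because the fingerprint list uses it)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_fingerprints(text):
    """Parse '<md5> <path>' lines into {lowercased path: md5}; layout is an assumption."""
    entries = {}
    for line in text.splitlines():
        digest, _, path = line.strip().partition(" ")
        if len(digest) == 32 and path:
            entries[path.strip().lower()] = digest.lower()
    return entries


def find_drift(entries, current_paths):
    """Return (changed, unlisted, missing) relative to the fingerprint list."""
    changed, unlisted, seen = [], [], set()
    for p in current_paths:
        key = p.lower()
        seen.add(key)
        if key not in entries:
            unlisted.append(p)          # never captured: blocked under enforcement
        elif md5_of(p) != entries[key]:
            changed.append(p)           # listed, but content no longer matches
    missing = sorted(k for k in entries if k not in seen)
    return sorted(changed), sorted(unlisted), missing


def demo():
    """Constructed sample: two files fingerprinted, then one is rewritten by an update."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("UMEngx86.dll", "app.exe", "tool.exe")]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"v1 " + os.path.basename(p).encode())
    listing = "\n".join(f"{md5_of(p)} {p}" for p in paths[:2])  # tool.exe not captured
    with open(paths[0], "wb") as f:
        f.write(b"v2 after content update")  # simulated update replaces the DLL
    changed, unlisted, missing = find_drift(parse_fingerprints(listing), paths)
    return [os.path.basename(p) for p in changed], [os.path.basename(p) for p in unlisted], missing
```

    Running `find_drift` against a real client's file inventory while lockdown is still in log-only mode shows which entries need to be re-fingerprinted or added as exceptions before enforcement is turned on.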