
What is the purpose of "Learn the applications that run on the client computers"?

Created: 12 Aug 2012 • Updated: 22 Aug 2012 | 11 comments
This issue has been solved. See solution.

In the Communications Settings for a group name, what is the use of the "Upload" feature?

It says as follows: Learn the applications that run on the client computers


pete_4u2002's picture

Application Learning allows Symantec Endpoint Protection (SEP) clients to report information and statistics about the executables that are run on them. This information is provided to the Symantec Endpoint Protection Manager (SEPM) and aggregated into the SEPM database. The purpose of this information is to build a list of known applications in an environment to create Application-based firewall rules and Host Integrity (HI) rules, and it can be used as a reference for developing Application Control rules and Centralized Exceptions.

Check this link.

Note the DB size increases.

Dushan Gomez's picture

Thanks Pete,

Does enabling this option give benefits for reducing the weekly scheduled scan time in my company?

Or is there no improvement at all, just a statistic for the SEPM reporting console?

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP

pete_4u2002's picture

Not much benefit for scheduled scan or reporting as far as I know, unless you put a central exception. It's helpful for HI policy and Application-based firewall policy.

Dushan Gomez's picture

Does it also mean that I can create a report of what software is installed in my company if I enable this feature?

Because the security auditor would love to see such a feature if it is available with SEP.


pete_4u2002's picture

You can search for an application in the following ways:

■ By application.

You can limit the search to specific applications or application details such as its name, file fingerprint, path, size, version, or last modified time.

■ By client or client computer.

You can search for the applications that either a specific user runs or a specific computer runs. For example, you can search on the computer’s IP address.

To search for information about the applications that the computers run
1 In the console, click Policies.
2 On the Policies page, under Tasks, click Search for Applications.
3 In the Search for Applications dialog box, to the right of the Search for applications in field, click Browse.
4 In the Select Group or Location dialog box, select a group of clients for which you want to view the applications, and then click OK.
You can specify only one group at a time.
5 Make sure that Search subgroups is checked.
6 Do one of the following actions:
■ To search by user or computer information, click Based on client/computer information.
■ To search by application, click Based on applications.
7 Click the empty cell under Search Field, and then select the search criterion from the list.
The Search Field cell displays the criteria for the option that you selected.
For details about these criteria, click Help.
8 Click the empty cell under Comparison Operator, and then select one of the
9 Click the empty cell under Value, and then select or type a value.
The Value cell may provide a format or a value from the drop-down list, depending on the criterion you selected in the Search Field cell.
10 To add an additional search criterion, click the second row, and then enter information in the Search Field, Comparison Operator, and Value cells.
If you enter more than one row of search criteria, the query tries to match all conditions.
11 Click Search.
12 In the Query Results table, do any of the following tasks:
■ Click the scroll arrows to view additional rows and columns.
■ Click Previous and Next to see additional screens of information.
■ Select a row, and then click View Details to see additional information about the application.
The results are not saved unless you export them to a file.
13 To remove the query results, click Clear All.
14 Click Close.
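
Added example (not part of the original post and not Symantec code): since the query results are only kept if exported, this sketch re-runs the same kind of multi-row search offline against an exported file, where every criterion row must match. The CSV column names, the operator names and the sample rows are assumptions constructed for illustration; the real export layout may differ.

```python
import csv
import io

# Constructed sample export. Column names are assumptions, not SEPM's real layout.
SAMPLE_EXPORT = r"""name,fingerprint,path,size,version,last_modified,computer,ip,user
winword.exe,aa11,C:\Program Files\Microsoft Office\winword.exe,1423000,12.0,2012-03-01,PC-001,10.0.0.11,alice
utorrent.exe,bb22,C:\Users\bob\AppData\Roaming\uTorrent\utorrent.exe,880000,3.1,2012-07-19,PC-002,10.0.0.12,bob
utorrent.exe,bb22,C:\Users\carol\Downloads\utorrent.exe,880000,3.1,2012-07-19,PC-003,10.0.0.13,carol
solitaire.exe,cc33,C:\Games\solitaire.exe,52000,1.0,2011-01-05,PC-002,10.0.0.12,bob
"""

# Hypothetical comparison operators; the console's own list is not shown on this page.
OPERATORS = {
    "equals": lambda cell, value: cell.lower() == value.lower(),
    "contains": lambda cell, value: value.lower() in cell.lower(),
    "greater_than": lambda cell, value: int(cell) > int(value),
}


def load_export(text):
    """Parse the exported query results into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def search(rows, criteria):
    """Return rows that satisfy every (field, operator, value) criterion."""
    for field, op, _ in criteria:
        if op not in OPERATORS:
            raise ValueError(f"unknown operator: {op}")
        if rows and field not in rows[0]:
            raise ValueError(f"unknown field: {field}")
    return [
        row for row in rows
        if all(OPERATORS[op](row[field], value) for field, op, value in criteria)
    ]


def computers_by_fingerprint(rows):
    """Map each file fingerprint to the sorted list of computers that ran it."""
    seen = {}
    for row in rows:
        seen.setdefault(row["fingerprint"], set()).add(row["computer"])
    return {fp: sorted(hosts) for fp, hosts in seen.items()}


if __name__ == "__main__":
    hits = search(load_export(SAMPLE_EXPORT), [("name", "contains", "torrent")])
    for fp, hosts in computers_by_fingerprint(hits).items():
        print(fp, hosts)
```

Grouping by file fingerprint rather than by name keeps a renamed copy of the same executable in the same bucket.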

Dushan Gomez's picture

That sounds pretty much like what System Center Configuration Manager (SCCM 2007) can do?


John Q.'s picture

The purpose of application learning is to 'record' all applications executed on computers, so that you can then easily create Centralized Exceptions or other application-based policy (Application and Device Control, Firewall, etc.).

Be aware, however, that this may have a significant impact on database and SEPM console performance in a huge environment.

Please remember to mark the proper comment as SOLUTION:
 - to identify threads that do not require further assistance
 - to let other visitors know how to fix such issue

Dushan Gomez's picture

Many thanks for the reply John,

If only the SEPM server is affected, then it is fine, as I can upgrade the vRAM on the VM and the vCPU to 2x vCPU if need be.

My goal is of course to know what sort of applications are executed in the company and also to prevent unauthorized applications such as games and BitTorrent clients as well.

Can this be done?


Dushan Gomez's picture

Many thanks, people, for the assistance!
