Fingerprint file referencing for the Application & Device Control Policy
I have had to stop using our Application and Device Control Policy to block programs running from CDs/DVDs as it simply isn't feasible to add a fingerprint for each Setup.exe file or other fingerprints, a line at a time in the policy. There needs to be a way of referencing the File Fingerprint Lists from the Application and Device Control Policy itself.
The software is also misleading as it states that the File Fingerprint Lists element is a 'component' of the policies listed above (one of which is the Application and Device Control policy) but it clearly isn't. If it was them my suggestion above would be possible. A clear failing and something that has really annoyed me considering I have just moved back to Symantec after I inherited a Sophos site!