Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Fingerprint file referencing for the Application & Device Control Policy

Created: 16 Apr 2010 • Updated: 26 Apr 2010 | 3 comments
jimmyjames's picture
1 Agree
2 Disagree
-1 3 Votes
Login to vote
Status: Reviewed

I have had to stop using our Application and Device Control Policy to block programs running from CDs/DVDs as it simply isn't feasible to add a fingerprint for each Setup.exe file or other fingerprints, a line at a time in the policy.  There needs to be a way of referencing the File Fingerprint Lists from the Application and Device Control Policy itself.  

The software is also misleading as it states that the File Fingerprint Lists element is a 'component' of the policies listed above (one of which is the  Application and Device Control policy) but it clearly isn't.  If it was them my suggestion above would be possible.  A clear failing and something that has really annoyed me considering I have just moved back to Symantec after I inherited a Sophos site!

James

Comments 3 CommentsJump to latest comment

Ryan_Dasso's picture

I recommend reviewing the documentation of File Fingerprint Lists.

SEP_CD1\Documentation\Administration_Guide.pdf

It's very clear that File Fingerprint Lists are only used for System Lockdown.

0
Login to vote
jimmyjames's picture

I think this is a major failing of your product and have submitted a change request.  It would be far better to be able to reference this list for allowed applications.  Otherwise it is just far too time consuming to enter a new fingerprint for every application you want to allow people to run from CDs or USBs.  

0
Login to vote
Anshuman's picture

It would be gerat to have a functionality where we can use the fingerprint list for both block and allow of applications.

0
Login to vote