Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey and tell us about your satisfaction level using Symantec Connect. One lucky winner will receive 500 Connect points!* Take the survey.

Fingerprint file referencing for the Application & Device Control Policy

Created: 16 Apr 2010 • Updated: 26 Apr 2010 | 3 comments
jimmyjames's picture
1 Agree
2 Disagree
-1 3 Votes
Login to vote
Status: Reviewed

I have had to stop using our Application and Device Control Policy to block programs running from CDs/DVDs as it simply isn't feasible to add a fingerprint for each Setup.exe file or other fingerprints, a line at a time in the policy.  There needs to be a way of referencing the File Fingerprint Lists from the Application and Device Control Policy itself.  

The software is also misleading as it states that the File Fingerprint Lists element is a 'component' of the policies listed above (one of which is the  Application and Device Control policy) but it clearly isn't.  If it was them my suggestion above would be possible.  A clear failing and something that has really annoyed me considering I have just moved back to Symantec after I inherited a Sophos site!

James

Comments 3 CommentsJump to latest comment

Ryan_Dasso's picture

I recommend reviewing the documentation of File Fingerprint Lists.

SEP_CD1\Documentation\Administration_Guide.pdf

It's very clear that File Fingerprint Lists are only used for System Lockdown.

0
Login to vote
jimmyjames's picture

I think this is a major failing of your product and have submitted a change request.  It would be far better to be able to reference this list for allowed applications.  Otherwise it is just far too time consuming to enter a new fingerprint for every application you want to allow people to run from CDs or USBs.  

0
Login to vote
Anshuman's picture

It would be gerat to have a functionality where we can use the fingerprint list for both block and allow of applications.

0
Login to vote