Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Consistent hash / certificate based exception for Endpoint Protection

Created: 24 Oct 2012
RUSSYM's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

 

Currently hashed can be used for application control and firewall only. Exception for malware are limited to path, filename and extension. In some cases the filename and/or path is changed but the files are the same. In these cases it would be useful that an exception for malware scanning ( Definition based and SONAR /PTP) could be defined by a hash as well. So we can create our own whitelist, that can be used in the complete network. This whitelist could be used for each module. 
 
e.g.:
filehash1 exception for AV + SONAR / PTP
filehash2 exception for AV + SONAR / PTP + FIREWALL + APPLICATION CONTROL
filehash3 exception for APPLICATION CONTROL

 

Additionally a certification based exception would be usefull too. Files that were signed by predefined CA's could be excepted as well.