ビデオヘルプ

Need to white list several old legacy application using SEPM console ?

作成: 13 Nov 2012 • 更新: 14 Nov 2012 | コメント数: 7
この問題は解決されました。 ソリューションを参照してください。

Hi,

Can anyone please share your suggestion where I can add application binary with certain name or even signature MD5 hash to be white listed in the SEP controlled workstation ?

Thanks

コメント コメント数: 7最新のコメントを表示

Brɨan の写真

I assume you want to exclude these from all scans, correct?

You're best is to set an application to monitor in your exception policy like below:

Once it appears in the exception list you can than set the option to ignore.

You can even add by file name as seen below as well.

Check this KB article as it will also give you a better understanding:

http://www.symantec.com/business/support/index?pag...

You can also send in those apps to Symantec to get added to their internal whitelist

https://submit.symantec.com/whitelist/isv/

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

ソリューション
John Santana の写真

Thanks for the quick response Brian, what I'm after is that the White Listed so that the NTP doesn't block the old legacy application which is currently flagged as SID 20903 FTP Generic Command overflow

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Brɨan の写真

This the IPS feature so you cannot add this file to the AV exception. You would need to add the IP address of the machine that runs this software to exclde it from IPS or you can simply move this machine into its own group and apply a different IPS policy with just this signature disbaled.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana の写真

I have done that already Brian,

I have put the target server IP which is regarded as the "atacker" IP address to the white list.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Brɨan の写真

Did this fix it?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002 の写真

does this helps?
Software developer would like to add his/her software to the Symantec White-List.

http://www.symantec.com/docs/TECH132220

John Santana の写真

Thanks for the help guys, somehow SYmantec stopped this application forever, I guess I have to uninstall SEP 12.1 RU1 MP1 manually one by one in the company.

The legacy behaviour is that it install the Explorer plugin so that the user can browse to the application server with their Windows Explorer to the Samba share.

ever since SEP is installed, this apps died and the only way user can do it is through the Filezilla.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.