Dears,
I am using symantec learning portal to study for DCS implementation but I am kind of confused, the scenario i am thinking about is if we have a host that have the predefined prevention policy "sym-win-hardened-sbp" applied to it and this host has an application that doesn't have a predefined sanbox in Symantec DCS in this scenario will the default prevention policy be able to protect the application or do we need to create a custom sandbox for this application and apply it to an application rule identifying this application and routing it to our custom sand box inside the applied prevention policy "sym-win-hardened-sbp" ?
Another question: if i need to create a custom sandbox for this application, from what i learned from the DCS video training is that I can enable application profilling from the java management console then make the console create the custom sandbox for me but the instructor said that this is not accurate and might leave holes in the custom sandbox so we need to review the created sanbox, but doesnt this mean I need to know everything about the application like what it is accessing...etc ? so what difference does this tool make?
Thanks in Advance.