Now that RU5 has resolved the major issues I was having with system lockdown, I have been able to start seriously playing with it. While doing so, it has become apparent that major work needs to be done on the way file exclusion lists are handled. Currently file exclusions need to be entered one at a time in each group with system lockdown enabled. It is impossible to save a list of exclusions and import them into another group. It is even impossible to edit an exclusion once it has been created. You have to delete it and recreate it.

If I only had to maintain one exclusion list, this would just be annoying, but in order for system lockdown to be implemented effectively in a production environment, it seems necessary to create at least two different test groups in addition to the main production group(s). One lab group is needed for testing the installation/updating of software in the locked down environment. This group needs to have the identical fingerprint files and file exceptions as the main production group(s) so that system lockdown in test mode can log any new executables being run by the updates and installers so the necessary exceptions can be added. PCs in this group are also used for generating the new fingerprint files. It also requires at least one production test group so that the changes can be tested on a subset of live users before being pushed to the entire organization.

Although the fingerprint lists are easy enough to deal with, managing the file exclusions in the current version is both tedious and error prone. In addition, it would be nice if Symantec included automatic exclusions for files used by SEP that are updated automatically by content downloads.
I would be happy to test an enhancement in my lab environment.