Endpoint Protection

Hi Guyz,

Can someone explain to me how can I use this settings on SEP. “Keep track of every application that the clients run” It says on the explanation that this enables the server to collect information about the applications that each client in the site runs. You must also enable learned applications for the location or group so that the client sends the list of learned applications to the management server. How can I use this feature?

Thanks in advance.

 Perhaps you want to block users from running certain applications?  

Perhaps SEP detects an app as malicious, then you can at least create an exception for it, if you know for a fact that it is not.

Hi,

Usually, if you want to block certain application, then you need to provide the details of that application along with the file fingerprint for it.

However, if a SEP client detects that application running on the client machine, it records all this data and send it to SEPM, which is then stored in the database.

So, if you want to block an application, it can be picked up from the detected applications.  Please take a look at the screenshots below:

Create a notification for New Learned Applications

View the logs for commercial applications detected by the clients

Add an application firewall rule:

Cheers,
Aniket

No I don't need to block applications, it's just that I want to check or get track on the lists of applications running on users.

Hi Sir

Thank you so much for the well explained procedures above. However, I want to know how to track or list down the lists of running applications on clients and where exactly I can find it.

HI,

If you setup a notification for the newly learned applications, then you will receive emails when an application is detected.
Please let us know if that notification is able to provide you with the information you are looking for.

You can see the list of the detected applications from the screenshots for firewall rule.

Aniket

click on
monitors - logs - select
client server activity
click on advanced settings
select event type as server received learned application.
create report

or

click on notification
click on add
select forced or commercial application detected.
put in your email.
fill the remaining groups / server /computer info

or

for scheduled reports
select report type as :System status
select a report : site status report you will get the learned application by second
refer chap 22 from symantec manager help
the information is under
Creating notifications in the Symantec Endpoint Protection Manager

HI... I think it is not possible to list it in the client... However you can make a client to send it to server.
check this for more info...

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/36f099f2e011f3dc882573a2005a9326?OpenDocument 

Just a warning...

Depending on the size of your organization, this can result in a MASSIVE amount of data in your database.  I had replication issues becuase of this setting.