Endpoint Protection

We had SEPM 12.1 installed. I created a file fingerprint list using the checksum.exe tool for every program on my "C" drive. I applied the rule to two other identical laptops, running Windows 10, in a test group in the logging mode. It does not work. Every process, dll, exe, etc. on all three computers shows on the exception list. I added to the fingerprint list using checksum.exe on the other two laptops. Same problem. I upgraded to version 14. Same problem. I tried this on two servers running 2008 R2. Same problem. I called support - no help. Does anyone know how to make this work?

Did you upload the fingerprint to the SEPM and apply it to your specific group with System Lockdown enabled? Perhaps some screenshots would be helpful here. This has never been an issue for me in the past.

Here is a screen shot. I enabled System Lockdown. Added the File fingerprint list from my computer that I created by running 

"c:\>checksum.exe Master_File_Fingerprint_List.txt c:" and then uploaded it under policy settings. I also attached a file fingerprint list that was automatically generated from my laptop, "RobertsHPLaptop" and another "AMHPLAPTOP". Then I updated policy settings from both computers and after 7 minutes I have 152 exceptions from all three computers in the group.

And you confirmed these "files" are in your fingerprint list? Are these temp files or temp locations which are being detected? I suspect I know what's happening but I cannot see the file names.

Yep!

It's showing every file in the exceptions list. Files in the c:\windows\system32 folder that never move and everywhere else. The only way I can get it to ignore a file is manually add it to the file list below the fingerprint list option, which is not how I plan to manage this. 

Does anyone have an idea?