Endpoint Protection

Does anyone know of an application whitelist that can be used with Application and Device control. I currently have a block rule for a variety of applications, which seems to be working until something new rears its ugly head. Having a white list of applications to allow woudl hopefully make this much easier to manage.

Meaning one provided by Symantec? If so, no.

There may something out there on the Internet. Are you looking for hashes, names, directories, etc?

Hi,

To monitor and control the behavior of applications on client computers, you use application control and system lockdown. Application control allows or blocks the defined applications that try to access system resources on a client computer. System lockdown allows only approved applications on client computers. To manage hardware devices that access client computers, you use device control.

Refer these guide: About application control, system lockdown, and device control

http://www.symantec.com/docs/HOWTO80859

Configuring system lockdown

http://www.symantec.com/docs/HOWTO80848

Whenever there is an update or change in application it changes it needs to be added/approve again. This is by design. 

Hello,

Check these Articles on how to configure SEP to block software.

Block Software By Fingerprint

https://www-secure.symantec.com/connect/articles/block-software-fingerprint

How to use Symantec Endpoint Protection to block or log legitimate but unauthorized software usage

http://www.symantec.com/docs/TECH97618

Configuring system lockdown

http://www.symantec.com/docs/HOWTO80848

Automatically updating whitelists or blacklists for system lockdown

http://www.symantec.com/docs/HOWTO81094
 

In case, you want to Whitelist an Application, then check this Article:

Software developer would like to add his/her software to the Symantec White-List.

http://www.symantec.com/docs/TECH132220

For software developers, authors, and Independent Software Vendors (ISVs), the Symantec Software White-List program offers an opportunity to have their software added to a white-list of known good software maintained by Symantec to reduce the possibility of false positives. 

To submit software to participate in this program, please submit the candidate software to Symantec using the Software White-Listing Request form.

Software White-Listing Request Form: https://submit.symantec.com/whitelist/

Secondly, there are 3 other things you could also do- 

1) Report a Suspected Erroneous Detection and Report a Suspected Erroneous Detection (False Positive) https://submit.symantec.com/false_positive/

Your selections:

• Detection occurred: While using an application

• Using product: Symantec Endpoint Protection 12.x

• Type of detection: SONAR (Behavioral Heuristics Detection)

2) Sign your files with Class-3 digital certificates (X.509) from a Certificate Authority if you need to publish softwares/files.

3) Also participate in white-listing program if needed http://www.symantec.com/docs/TECH132220

Hope that helps!!!