I will continue from the point where we left off, knowing what a FILE FINGERPRINT in SEP is, how to generate a FILE FINGERPRINT using checksum.exe, and how to edit, append or merge a FILE FINGERPRINT. Now let's look at how to configure SYSTEM LOCKDOWN, a protection setting that you can use to control the applications that can run on the client computer.

Previous Articles:

What is "FILE FINGERPRINT LIST" in Symantec Endpoint Protection (SEP)?
https://www-secure.symantec.com/connect/articles/what-file-fingerprint-list-symantec-endpoint-protection-sep

Is it possible to EDIT, APPEND or MERGE a FILE FINGERPRINT in Symantec Endpoint Protection Manager (SEPM)?
https://www-secure.symantec.com/connect/articles/it-possible-edit-append-or-merge-file-fingerprint-symantec-endpoint-protection-manager-sepm

System lockdown is a protection setting that you can use to control the applications that can run on the client computer. You can create a file fingerprint list that contains the checksums and the locations of all the applications that are authorized for use at your company. The client software includes a Checksum.exe tool that you can use to create a file fingerprint list. The advantage of system lockdown is that it can be enforced whether or not the user is connected to the network. You can use system lockdown to block almost any Trojan horse, spyware, or malware that tries to run or load itself into an existing application. For example, you can prevent these files from loading into Internet Explorer. System lockdown ensures that your system stays in a known and trusted state. Applications that run on the client computer can include the following executable files:
Thanks :-)
Enabling the learned applications feature may help. Have a check and let me know.
Maybe we need to re-check the configuration in that case.
I have been running the system lockdown in test mode for 3 days to gather unapproved applications. However, when I click on the view unapproved applications there is absolutely nothing in there, even though on the client there are loads of entries in the control log for blocked applications in test mode. Any idea why these applications are not populating the unapproved applications list in system lockdown?