Endpoint Protection

  • 1.  SEP queries

    Posted Jun 21, 2012 02:27 AM

    Our client has the below-mentioned queries regarding SEP deployment.

    If the client plans to use application whitelisting (allowing specific applications and blocking all the rest), how can they manage the points below?

    1. MS updates, patches, service packs... Do we have to manually add every single patch, update and service pack to the whitelist every time, or is there some better way to manage such an operation? In the client's scenario, MS updates, patches and service packs are usually pushed via an SCCM server.

    2. Hardware drivers... Similarly, the client has several different hardware brands in their network with several models. Do they have to manually add/allow every single driver in the whitelist, or is there some better way of managing this?

    Regards,

    Atif



  • 2.  RE: SEP queries

    Trusted Advisor
    Posted Jun 21, 2012 04:11 AM

    Hello,

    Why whitelist an application which is clean and has a good file reputation?

    Check these Articles on how Symantec decides the Reputation of Files.

    How Symantec Endpoint Protection uses reputation data to make decisions about files

    http://www.symantec.com/docs/HOWTO55275

    How does Insight Lookup work?

    http://www.symantec.com/docs/TECH169282

    STAR

    http://www.symantec.com/theme.jsp?themeid=star

    It seems an old thread has been created by you on this similar question:

    https://www-secure.symantec.com/connect/forums/sep-application-whitelisting

    Hope that helps!!



  • 3.  RE: SEP queries

    Posted Jun 21, 2012 06:23 AM

    It might be because they need/want to very tightly control what is installed/rolled out in their network.

    I know you can wildcard devices by their GUID as a section of that denotes the manufacturer - do applications have the same thing whereby it shows the publisher?



  • 4.  RE: SEP queries

    Posted Jun 21, 2012 09:59 AM

    Indeed, after you have created and applied a whitelist for all approved applications (System Lockdown feature), you have to add every additional application/program to the System Lockdown approving list.

    For every type of hardware you could create a special image and whitelist. Then merge these whitelists in SEPM.

    As System Lockdown may be a bit dangerous (if your whitelist doesn't span all necessary applications, the client may freeze) and cumbersome to maintain, I would only use it in very special cases. Clients that will be patched daily aren't candidates for it.



  • 5.  RE: SEP queries

    Posted Nov 13, 2012 07:36 PM

    Hi,

    Where can I find the location to put application whitelisting in the SEPM console?



  • 6.  RE: SEP queries

    Posted Nov 14, 2012 04:30 AM

    Process for whitelisting:

    Software developer would like to add his/her software to the Symantec White-List.

    Problem



    Software developer would like to add his/her software to the Symantec White-List.


    Solution



    For software developers, authors, and Independent Software Vendors (ISVs), the Symantec Software White-List program offers an opportunity to have their software added to a white-list of known good software maintained by Symantec to reduce the possibility of false positives.  Please note that Symantec offers this service to reduce false positives, but cannot guarantee that false positives will not occur.  Decisions made by Symantec are also subject to change depending on a variety of factors that include but are not limited to alterations in the software, distribution of the software, or vulnerabilities in the software to misuse by the publisher or others. Symantec may also change its classification criteria and policies over time to address the constantly evolving security landscape.  To submit software to participate in this program, please submit the candidate software to Symantec using the Software White-Listing Request form.

    Software White-Listing Request Form:
    https://submit.symantec.com/whitelist/

     Note: If an application for white-listing is approved it can take a number of weeks for the software in question to be white-listed.  The applicant will be notified after the white-listing process for that software is completed.  The applicant will be notified if the application is not approved.


     

    Legacy ID: 2010050416291148

    Article URL: http://www.symantec.com/docs/TECH132220


     

    https://submit.symantec.com/whitelist/isv/